PendingIntent Hijacking Vulnerability in Samsung Charm Application
CVE-2022-36829

6.2MEDIUM

Key Information:

Vendor: Samsung
Status: Charm By Samsung
Vendor: CVE Published:; 5 August 2022

Summary

A vulnerability in the Samsung Charm application prior to version 1.2.3 allows local attackers to exploit the releaseAlarm method, resulting in unauthorized access to files through implicit intent. This issue could enable malicious users to bypass security measures and gain access to sensitive data without proper permissions.

Affected Version(s)

Charm by Samsung < 1.2.3

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
Jul 27, 2022