CVE Published: 03/05/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: Samsung Mobile |
Vendor: Samsung Mobile |
Product: Samsung Mobile Devices Status : PUBLISHED
CVE-2022-28793 Description
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.
Metrics
CVSS Version: 3.1 |
Base Score: 4.4 MEDIUM Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* LOW Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED