CVE-2022-28793 - OpenCVE

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Galaxy S22 Firmware Galaxy S22

Configuration 1 [-]

AND

cpe:2.3:o:samsung:galaxy_s22_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s22:-:*:*:*:*:*:*:*

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2022-05-03T19:44:08

Updated: 2022-05-03T19:44:08

Reserved: 2022-04-07T00:00:00

Link: CVE-2022-28793

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-03T20:15:09.803

Modified: 2022-05-11T17:56:00.663

Link: CVE-2022-28793

JSON object: View

Redhat Information

No data.

CWE

CWE-754

{"containers": {"cna": {"affected": [{"product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [{"lessThan": "Galaxy S22", "status": "affected", "version": "-", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-03T19:44:08", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-28793", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Samsung Mobile Devices", "version": {"version_data": [{"version_affected": "<", "version_name": "-", "version_value": "Galaxy S22"}]}}]}, "vendor_name": "Samsung Mobile"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5", "refsource": "MISC", "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2022-28793", "datePublished": "2022-05-03T19:44:08", "dateReserved": "2022-04-07T00:00:00", "dateUpdated": "2022-05-03T19:44:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s22_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "033A5F31-7E59-49EE-8C57-F40844AFEE90", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s22:-:*:*:*:*:*:*:*", "matchCriteriaId": "C291A489-9D53-4706-B84D-15DEED0E41C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time."}, {"lang": "es", "value": "Dado que el TEE est\u00e1 comprometido y controlado por el atacante, un mantenimiento inapropiado del estado en StrongBox permite a atacantes cambiar el ROT de Android durante el ciclo de arranque del dispositivo despu\u00e9s de comprometer el TEE. El parche es aplicado en el Galaxy S22 para evitar el cambio del ROT de Android despu\u00e9s de la primera inicializaci\u00f3n en el arranque"}], "id": "CVE-2022-28793", "lastModified": "2022-05-11T17:56:00.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2022-05-03T20:15:09.803", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "mobile.security@samsung.com", "type": "Secondary"}]}