CVE-2022-33691 - OpenCVE

A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Exynos 9820
Google	Android

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*
	cpe:2.3:o:google:android:12.0:::::::*

cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*

References

Link	Resource
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2022-07-11T13:34:41

Updated: 2022-07-11T13:34:41

Reserved: 2022-06-15T00:00:00

Link: CVE-2022-33691

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-12T14:15:17.373

Modified: 2022-07-16T03:45:58.163

Link: CVE-2022-33691

JSON object: View

Redhat Information

No data.

CWE

CWE-367

{"containers": {"cna": {"affected": [{"product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [{"lessThan": "SMR Jul-2022 Release 1", "status": "affected", "version": "Q(10), R(11), S(12) devices with Exynos 9820 chipset", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-11T13:34:41", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-33691", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Samsung Mobile Devices", "version": {"version_data": [{"version_affected": "<", "version_name": "Q(10), R(11), S(12) devices with Exynos 9820 chipset", "version_value": "SMR Jul-2022 Release 1"}]}}]}, "vendor_name": "Samsung Mobile"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7", "refsource": "MISC", "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2022-33691", "datePublished": "2022-07-11T13:34:41", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2022-07-11T13:34:41", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B8C35DE-1C58-4C6E-BB15-0E3C2FECB8DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations."}, {"lang": "es", "value": "Una posible vulnerabilidad de condici\u00f3n de carrera en score driver versiones anteriores a SMR Jul-2022 Release 1, puede permitir a atacantes locales intercalar operaciones maliciosas"}], "id": "CVE-2022-33691", "lastModified": "2022-07-16T03:45:58.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2022-07-12T14:15:17.373", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=7"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-367"}], "source": "mobile.security@samsung.com", "type": "Secondary"}]}