CVE-2022-28793
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-28793
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Samsung Galaxy S3 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Samsung Galaxy S3是韩国三星(Samsung)公司的一款智能手机。 Samsung Galaxy S3存在安全漏洞,该漏洞源于StrongBox状态维护不正确。攻击者利用该漏洞在破坏TEE后在设备启动周期期间更改Android ROT。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices | - ~ Galaxy S22 | - |
II. Public POCs for CVE-2022-28793
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-28793
请登录查看更多情报信息。
Same Patch Batch · Samsung Mobile · 2022-05-03 · 14 CVEs total
| CVE-2022-28781 | 7.7 HIGH | Samsung SMR 输入验证错误漏洞 |
| CVE-2022-28783 | 6.2 MEDIUM | Samsung SMR 输入验证错误漏洞 |
| CVE-2022-28789 | 6.2 MEDIUM | Voice Note 安全漏洞 |
| CVE-2022-28791 | 6.2 MEDIUM | Samsung Galaxy Store输入验证错误漏洞 |
| CVE-2022-28792 | 6.2 MEDIUM | Gear IconX PC Manager 代码问题漏洞 |
| CVE-2022-28780 | 5.0 MEDIUM | Samsung SMR 安全漏洞 |
| CVE-2022-28782 | 4.6 MEDIUM | Samsung SMR 安全漏洞 |
| CVE-2022-28784 | 4.0 MEDIUM | Samsung SMR 路径遍历漏洞 |
| CVE-2022-28785 | 4.0 MEDIUM | Samsung SMR 缓冲区错误漏洞 |
| CVE-2022-28786 | 4.0 MEDIUM | Samsung SMR缓冲区错误漏洞 |
| CVE-2022-28787 | 4.0 MEDIUM | Samsung SMR 缓冲区错误漏洞 |
| CVE-2022-28788 | 4.0 MEDIUM | Samsung SMR 缓冲区错误漏洞 |
| CVE-2022-28790 | 4.0 MEDIUM | Link to Windows Service 授权问题漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-754
- CVE-2026-41662
Admidio: Missing Minimum Administrator Check in Role Members - CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-35366
uutils coreutils printenv Security Inspection Bypass via UTF - CVE-2026-40343
free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPos - CVE-2026-40249
free5gc UDR fail-open request handling in PolicyDataSubsToNo
V. Comments for CVE-2022-28793
No comments yet