CVE-2022-22265

MEDIUM KEV

NPU driver <SMR Jan-2022 Release 1 - Memory Corruption

Title source: llm

Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

References (2)

[Vendor Advisory] https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22265

Scores

CVSS v3 5.0

EPSS 0.0019

EPSS Percentile 40.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Details

CISA KEV 2023-09-18

VulnCheck KEV 2022-01-01

InTheWild.io 2023-09-13

ENISA EUVD EUVD-2022-27412

CWE

CWE-703

Status published

Products (4)

google/android 9.0

google/android 10.0

google/android 11.0

google/android 12.0

Published Jan 10, 2022

KEV Added Sep 18, 2023

Tracked Since Feb 18, 2026