CVE-2022-22265
MEDIUM KEVNPU driver <SMR Jan-2022 Release 1 - Memory Corruption
Title source: llmExploitation Summary
CVE-2022-22265 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 18, 2023.
Description
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22265
Scores
CVSS v3
5.0
EPSS
0.0015
EPSS Percentile
35.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-09-18
VulnCheck KEV
2022-01-01
InTheWild.io
2023-09-13
ENISA EUVD
EUVD-2022-27412
CWE
CWE-703
Status
published
Products (4)
google/android
9.0
google/android
10.0
google/android
11.0
google/android
12.0
Published
Jan 10, 2022
KEV Added
Sep 18, 2023
Tracked Since
Feb 18, 2026