CVE-2022-36829

MEDIUM

Charm <1.2.3 - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

References (1)

Core 1
Core References

Scores

CVSS v3 6.2
EPSS 0.0017
EPSS Percentile 6.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-927
Status published
Products (1)
samsung/charm_firmware < 1.2.3
Published Aug 05, 2022
Tracked Since Feb 18, 2026