CVE-2022-36830

MEDIUM

Charm by Samsung <1.2.3 - Privilege Escalation

Title source: llm
STIX 2.1

Description

PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

References (1)

Core 1
Core References

Scores

CVSS v3 6.2
EPSS 0.0017
EPSS Percentile 6.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-927
Status published
Products (1)
samsung/charm_firmware < 1.2.3
Published Aug 05, 2022
Tracked Since Feb 18, 2026