CVE-2022-22271
https://notcve.org/view.php?id=CVE-2022-22271
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. Una falta de comprobación de entrada antes de la copia de memoria en TIMA trustlet versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes copiar datos de una memoria arbitraria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-125: Out-of-bounds Read •
CVE-2022-22270
https://notcve.org/view.php?id=CVE-2022-22270
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. Una vulnerabilidad de secuestro de Intención Implícita en Dialer versiones anteriores a SMR Jan-2022 Release 1, permite a las aplicaciones no privilegiadas acceder a información de los contactos • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-22269
https://notcve.org/view.php?id=CVE-2022-22269
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. Mantener datos confidenciales en BluetoothSettingsProvider sin protección versiones anteriores a 1 de SMR Jan-2022 permite a las aplicaciones que no son confiable conseguir una dirección MAC local de Bluetooth • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-22267
https://notcve.org/view.php?id=CVE-2022-22267
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. Una vulnerabilidad de secuestro de Intención Implícita en ActivityMetricsLogger versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes conseguir información de la aplicación en ejecución • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-22268
https://notcve.org/view.php?id=CVE-2022-22268
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. Una implementación incorrecta de Knox Guard versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes físicamente próximos desbloquear temporalmente Knox Guard por medio del modo Samsung DeX • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •