ID

VAR-202205-0363


CVE

CVE-2022-28793


TITLE

Samsung Galaxy S22 StrongBox State Maintenance Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-02599

DESCRIPTION

If the TEE is already compromised and under the attacker's control, improper state maintenance in StrongBox allows the attacker to change the Android ROT (Root of Trust) during the device boot cycle. The patch applied to the Galaxy S22 prevents the Android ROT from being changed after its first initialization at boot time. Samsung Galaxy S22 is a smartphone released by Samsung on February 9, 2022. Samsung Galaxy S22 StrongBox has a state maintenance error vulnerability, which stems from incorrect StrongBox state maintenance.

Trust: 1.53

sources: NVD: CVE-2022-28793 // CNVD: CNVD-2025-02599 // VULMON: CVE-2022-28793

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02599

AFFECTED PRODUCTS

vendor: samsung, model: galaxy s22, scope: eq, version: -

Trust: 1.0

vendor: samsung, model: galaxy s22, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02599 // NVD: CVE-2022-28793

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-28793
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2022-28793
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-02599
value: LOW

Trust: 0.6

CNNVD: CNNVD-202205-1985
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-28793
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-28793
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2025-02599
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-28793
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2025-02599 // VULMON: CVE-2022-28793 // CNNVD: CNNVD-202205-1985 // NVD: CVE-2022-28793 // NVD: CVE-2022-28793

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.0

sources: NVD: CVE-2022-28793

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-1985

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-1985

PATCH

title: Patch for Samsung Galaxy S22 StrongBox State Maintenance Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/654601

Trust: 0.6

title: Samsung Galaxy S3 Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192395

Trust: 0.6

sources: CNVD: CNVD-2025-02599 // CNNVD: CNNVD-202205-1985

EXTERNAL IDS

db: NVD, id: CVE-2022-28793

Trust: 2.3

db: CNVD, id: CNVD-2025-02599

Trust: 0.6

db: CNNVD, id: CNNVD-202205-1985

Trust: 0.6

db: VULMON, id: CVE-2022-28793

Trust: 0.1

sources: CNVD: CNVD-2025-02599 // VULMON: CVE-2022-28793 // CNNVD: CNNVD-202205-1985 // NVD: CVE-2022-28793

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=5

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-28793

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-28793/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/754.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-02599 // VULMON: CVE-2022-28793 // CNNVD: CNNVD-202205-1985 // NVD: CVE-2022-28793

SOURCES

db: CNVD, id: CNVD-2025-02599
db: VULMON, id: CVE-2022-28793
db: CNNVD, id: CNNVD-202205-1985
db: NVD, id: CVE-2022-28793

LAST UPDATE DATE

2025-02-10T23:33:31.128000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-02599, date: 2025-02-08T00:00:00
db: VULMON, id: CVE-2022-28793, date: 2022-05-11T00:00:00
db: CNNVD, id: CNNVD-202205-1985, date: 2022-05-12T00:00:00
db: NVD, id: CVE-2022-28793, date: 2024-11-21T06:57:56.790

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-02599, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2022-28793, date: 2022-05-03T00:00:00
db: CNNVD, id: CNNVD-202205-1985, date: 2022-05-03T00:00:00
db: NVD, id: CVE-2022-28793, date: 2022-05-03T20:15:09.803