This report provides details for a vulnerability, CVE-2022-22292, discovered by Kryptowire that is present in various Samsung Android devices running Android versions 9, 10, 11, and 12. The vulnerability allows any local app on the device (including third-party apps with zero permissions) to provide arbitrary
Intentobjects that will be used by a pre-installed app (com.android.server.telecom) executing as the system user to start an activity app component (even those that are not exported) of the attacker’s choosing, affecting Android versions 10, 11, and 12.The same vulnerability is present on Android 9, although it allows zero-permission third-party apps to provide arbitrary
Intentobjects that are sent to broadcast receiver app components by the same vulnerable pre-installed app executing as thesystemuser (instead of being used to start arbitrary activity app components in more recent Android versions). This vulnerability allows a third-party app to provide arbitraryIntentobjects that will be started by a pre-installed app executing as thesystemuser with all its permissions, privileges, and capabilities. Start arbitrary activity app components as the system user vulnerability Affecting Samsung Android devices
so.cl
CVE-2022-22292 - Vulnerability affecting Samsung Android devices
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer
CVE-2022-22292 - Vulnerability affecting Samsung Android devices
Nickname: