Login Sign Up

CVE-2022-23428

8.4 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This vulnerability in Samsung's eden_runtime HAL service allows attackers to write arbitrary memory and execute code due to improper boundary checking. It affects Samsung mobile devices running Android with the vulnerable HAL service prior to February 2022 security updates. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:
  • Samsung mobile devices
Versions: Android versions with vulnerable eden_runtime HAL service prior to SMR Feb-2022 Release 1
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specific device models not specified in CVE, but affects Samsung devices with the vulnerable HAL service component.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise with root privileges, allowing data theft, persistent backdoor installation, and complete control over the device.

🟠

Likely Case

Local privilege escalation allowing malware to gain elevated permissions, access sensitive data, and install additional payloads.

🟢

If Mitigated

Limited impact with proper security updates applied and device hardening measures in place.

🌐 Internet-Facing: LOW (requires local access or malicious app installation)
🏢 Internal Only: MEDIUM (malicious apps or compromised apps could exploit this locally)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious app installation. Buffer overflow exploitation requires specific knowledge of memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR Feb-2022 Release 1

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install February 2022 security update. 3. Reboot device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary HAL services

android

Restrict access to HAL services if not required for device functionality

App permission restrictions

android

Limit app permissions and install only from trusted sources

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app installation policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check security patch level in Settings > About phone > Software information. If before February 2022, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows February 2022 or later in device settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HAL service access patterns
  • Privilege escalation attempts in system logs
  • Memory corruption events

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious inter-process communication

SIEM Query:

Process:eden_runtime AND (EventID:Memory_Corruption OR EventID:Privilege_Escalation)

📊 Metadata

CVE ID: CVE-2022-23428
CVSS v3 Score: 8.4 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-120
Published: February 11, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-23428, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)