CVE-2022-22265 MEDIUM

CVE-2022-22265

Vendor Samsung Mobile
Product Samsung Mobile Devices
Weakness CWE-703
KEV Status Known Exploited
Published January 7, 2022
Last update October 21, 2025

CVSS base score

5.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

January 7, 2022 CVE published
October 21, 2025 Record updated