Vulnerability Description
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.
CVSS Score
6.2
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Charm Firmware | < 1.2.3 |
| Samsung | Charm | - |
Related Weaknesses (CWE)
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08Vendor Advisory
- https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08Vendor Advisory
FAQ
What is CVE-2022-36830?
CVE-2022-36830 is a vulnerability with a CVSS score of 6.2 (MEDIUM). PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.
How severe is CVE-2022-36830?
CVE-2022-36830 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36830?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Charm Firmware, Samsung Charm.