PT-2021-7729 · Samsung · Samsung Exynos Npu Driver

Published

2021-09-25

Updated

2025-10-30

CVE-2022-22265

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Samsung Exynos NPU driver versions prior to SMR Jan-2022 Release 1

Description The issue is related to an improper check or handling of exceptional conditions in the NPU driver, which can allow an attacker to perform arbitrary memory write and code execution. This is due to a use-after-free vulnerability. The vulnerability affects kernel memory handling and can be exploited to achieve code execution.

Recommendations For Samsung Exynos NPU driver versions prior to SMR Jan-2022 Release 1: Update to a version released after SMR Jan-2022 Release 1 to resolve the issue. As a temporary workaround, consider restricting access to the NPU driver to minimize the risk of exploitation.

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-703CWE-755

Related Identifiers

BDU:2023-02049

CVE-2022-22265

Affected Products

Samsung Exynos Npu Driver

PT-2021-7729 · Samsung · Samsung Exynos Npu Driver

CVE-2022-22265

Weakness Enumeration

Related Identifiers

Affected Products

References · 24