PT-2022-16402 · Samsung · Datausagereminderreceiver+1

H0Rd7

Published

2022-02-11

Updated

2022-02-22

CVE-2022-24000

CVSS v3.1

3.9

Low

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions DataUsageReminderReceiver versions prior to SMR Feb-2022 Release 1

Description The issue allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. This is due to a PendingIntent hijacking vulnerability in DataUsageReminderReceiver.

Recommendations For versions prior to SMR Feb-2022 Release 1, consider restricting access to the DataUsageReminderReceiver to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using implicit Intents with KnoxPrivacyNoticeReceiver to prevent unauthorized media file access.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2022-24000

Affected Products

Datausagereminderreceiver

Knoxprivacynoticereceiver

PT-2022-16402 · Samsung · Datausagereminderreceiver+1

CVE-2022-24000

Weakness Enumeration

Related Identifiers

Affected Products

References · 5