CVE-2022-22265

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 1 article Published: 2022-01-07

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.18%

probability

This CVE has a 0.18% probability of being exploited in the next 30 days.

0% Top 39.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

5.0

MEDIUM

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Description

VulnerabilityLookup (CNA)

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Affected Products

Samsung Mobile

Samsung Mobile Devices

O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0)

Attack Intelligence

CWE-703 · Improper Check or Handling of Exceptional Conditions

Google Project Zero

Patched

Jan. 1, 2022

Reported by

Seong Jang of STEALIEN

Root Cause Analysis

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-22265.html

https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 0.18%

CVSS v3.1 5.0

Mentions 1

CNA Information

CNA Assigner

Samsung Mobile

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026

Published DateJan 07, 2022