CVE-2022-27573
Description
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in libsimba library functions allows out-of-bounds write by privileged attackers on Samsung mobile devices prior to SMR Apr-2022 Release 1.
Vulnerability
Improper input validation vulnerability exists in the parser_infe and sheifd_find_itemIndexin functions of the libsimba library on Samsung mobile devices. The issue affects all versions prior to SMR Apr-2022 Release 1. The flaw allows an out-of-bounds write when processing specially crafted input, due to insufficient validation of data passed to these functions [1].
Exploitation
To exploit this vulnerability, an attacker must have privileged access to the device. The attacker can trigger the out-of-bounds write by providing malicious input to the affected library functions. No user interaction is required beyond the attacker's initial privilege level [1].
Impact
Successful exploitation results in an out-of-bounds write, which could lead to memory corruption. The precise impact depends on the attacker's objectives, but could include denial of service or potential code execution within the privileged context [1].
Mitigation
The vulnerability is fixed in the Samsung Mobile Security update SMR Apr-2022 Release 1. Users should update their devices to this or a later release. No workarounds are documented. The vulnerability is not listed on CISA's KEV at the time of writing [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < SMR Apr-2022 Release 1
- Range: Q(10), R(11), S(12)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- security.samsungmobile.com/securityUpdate.smsbmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.