VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 1, 2022· Updated Aug 3, 2024

CVE-2022-36622

CVE-2022-36622

Description

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in Samsung mTower v0.3.0 and earlier via TEE_GetObjectInfo1 allows denial of service.

Vulnerability

In Samsung Electronics mTower versions v0.3.0 and earlier, the function TEE_GetObjectInfo1 contains a NULL pointer dereference vulnerability. This occurs when the function is called without proper validation of input parameters, leading to a crash.

Exploitation

An attacker with local access to the device or the ability to invoke TEE functions can trigger the NULL pointer dereference by providing a crafted input that leads to a NULL pointer being passed to TEE_GetObjectInfo1. No user interaction beyond system access is required.

Impact

Successful exploitation results in a denial of service (DoS) condition, causing the Trusted Execution Environment (TEE) to crash. This may disrupt security-sensitive operations and system stability. The vulnerability does not lead to code execution or privilege escalation based on available information.

Mitigation

As of the publication date, no official patch or mitigation has been released by Samsung. The affected versions are mTower v0.3.0 and earlier. Users are advised to monitor Samsung's security updates for a fix.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.