CVE-2022-39886

Vulnerability

An improper access control vulnerability exists in the IpcRxServiceModeBigDataInfo function of the Radio Interface Layer (RIL) in Samsung mobile devices. This vulnerability affects devices running RIL versions prior to the SMR Nov-2022 Release 1 security update. The improper access control allows a local attacker to bypass intended restrictions and access device information that should be protected.

Exploitation

To exploit this vulnerability, an attacker must have local access to the device, such as through a malicious application installed on the device or physical access. No special privileges or user interaction is required. The attacker can trigger the vulnerable function to retrieve sensitive device information without proper authorization.

Impact

Successful exploitation allows the attacker to access device information, including potentially sensitive data such as device identifiers, configuration details, or other system information. This compromises the confidentiality of the device, but does not provide code execution or persistent access.

Mitigation

The vulnerability is fixed in the Samsung Mobile Security update for November 2022 (SMR Nov-2022 Release 1). Users should ensure their devices are updated to the latest security patch level. No workarounds are available [1].