CVE-2022-40278

moderate-risk
Published 2022-09-29

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.

Do I need to act?

-
0.83% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (6)

Tizenrt
Tizenrt
Tizenrt
Tizenrt
Tizenrt
Tizenrt

Affected Vendors

Samsung

References (8)

Exploit https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf...
Exploit https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf...
Issue Tracking https://github.com/Samsung/TizenRT/issues/5628
Technical Description https://www.sqlite.org/c3ref/exec.html
Exploit https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf...
Exploit https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf...
Issue Tracking https://github.com/Samsung/TizenRT/issues/5628
Technical Description https://www.sqlite.org/c3ref/exec.html
42
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 13/34 · Low