CVE-2022-23434: Code Injection
First published: Fri Feb 11 2022(Updated: )
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Bixby | <3.7.50.6 | |
| Android | =11.0 | |
| Samsung Bixby | <3.7.60.8 | |
| Android | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-23434?
CVE-2022-23434 has been classified as a high severity vulnerability.
How do I fix CVE-2022-23434?
To fix CVE-2022-23434, update Samsung Bixby to version 3.7.60.8 or higher.
What software is affected by CVE-2022-23434?
CVE-2022-23434 affects Samsung Bixby versions prior to 3.7.60.8 on Android S(12) and prior to 3.7.50.6 on Android R(11) and below.
What type of attack is possible due to CVE-2022-23434?
CVE-2022-23434 allows attackers to execute privileged actions by hijacking and modifying the PendingIntent.
Is my device vulnerable to CVE-2022-23434?
If you are using an affected version of Samsung Bixby on compatible Android versions, your device is vulnerable to CVE-2022-23434.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samsung
- canonical/samsung bixby
- vendor/google
- canonical/android
- version/android/11.0
- version/android/12.0