Lucene search

[email protected]CVE-2022-20608

HistoryDec 16, 2022 - 4:15 p.m.

CVE-2022-20608

2022-12-1616:15:21

CWE-125

[email protected]

web.nvd.nist.gov

cve-2022-20608

pixel

android

firmware

out of bounds read

local information disclosure

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A

Affected configurations

NVD

Node

googleandroidMatch-

CPENameOperatorVersion
google:androidgoogle androideq-

CPE	Name	Operator	Version
google:android	google android	eq	-

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Android",
    "versions": [
      {
        "version": "Android kernel",
        "status": "affected"
      }
    ]
  }
]

References

source.android.com/security/bulletin/pixel/2022-12-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-20608

nvd1 cnvd1 cvelist1 prion1