Lucene search

K
nvd[email protected]NVD:CVE-2022-20235
HistoryJan 26, 2023 - 9:15 p.m.

CVE-2022-20235

2023-01-2621:15:26
CWE-787
web.nvd.nist.gov
powervr gpu
kernel driver
cache subsystem
memory corruption
android soc
android id
vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

The PowerVR GPU kernel driver maintains an β€œInformation Page” used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780

Affected configurations

NVD
Node
googleandroidMatch-

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for NVD:CVE-2022-20235