Ubuntu.comUB:CVE-2022-20011CVE-2022-20011
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
In getArray of NotificationManagerService.java , there is a possible leak
of one user notifications to another due to missing check. This could lead
to local information disclosure with no additional execution privileges
needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID:
A-214999128
References
android.googlesource.com/platform/frameworks/base/+/f315ba91df3829d862371fbab9da584ce0a59bc6
launchpad.net/bugs/cve/CVE-2022-20011
nvd.nist.gov/vuln/detail/CVE-2022-20011
security-tracker.debian.org/tracker/CVE-2022-20011
source.android.com/security/bulletin/2022-05-01
www.cve.org/CVERecord?id=CVE-2022-20011
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%