Ubuntu.comUB:CVE-2022-20158CVE-2022-20158
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:M/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory
corruption due to a use after free. This could lead to local escalation of
privilege with System execution privileges needed. User interaction is not
needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-182815710References: Upstream kernel
Notes
| Author | Note |
|---|---|
| sbeattie | It seems the android advisory that contains this CVE has been updated to correctly reflect the associated commits with this issue; furthermore, it appears to have been introduced with an android only commit (see lore reference). |
References
android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b
android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678
launchpad.net/bugs/cve/CVE-2022-20158
lore.kernel.org/all/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2022-20158
security-tracker.debian.org/tracker/CVE-2022-20158
source.android.com/security/bulletin/pixel/2022-08-01
www.cve.org/CVERecord?id=CVE-2022-20158
Related
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:M/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%