Source: ubuntucve (Ubuntu.com), ID: UB:CVE-2022-20369
History: Aug 11, 2022 - 12:00 a.m.

CVE-2022-20369

cve-2022-20369
v4l2-mem2mem.c
android kernel
out of bounds write
local privilege escalation
improper input validation
system execution privileges

CVSS3: 6.7
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds
write due to improper input validation. This could lead to local escalation
of privilege with System execution privileges needed. User interaction is
not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-223375145
References: Upstream kernel

Notes

Author Note
rodrigo-zaiden: USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake; please refer to USN-6007-1.

OS      Version  Architecture  Package        Version                    Filename
ubuntu  18.04    noarch        linux          < 4.15.0-204.215           UNKNOWN
ubuntu  20.04    noarch        linux          < 5.4.0-128.144            UNKNOWN
ubuntu  22.04    noarch        linux          < 5.15.0-35.36             UNKNOWN
ubuntu  18.04    noarch        linux-aws      < 4.15.0-1150.163          UNKNOWN
ubuntu  20.04    noarch        linux-aws      < 5.4.0-1086.93            UNKNOWN
ubuntu  22.04    noarch        linux-aws      < 5.15.0-1009.11           UNKNOWN
ubuntu  18.04    noarch        linux-aws-5.4  < 5.4.0-1086.93~18.04.1    UNKNOWN
ubuntu  16.04    noarch        linux-aws-hwe  < 4.15.0-1151.164~16.04.1  UNKNOWN
ubuntu  20.04    noarch        linux-azure    < 5.4.0-1094.100           UNKNOWN
ubuntu  22.04    noarch        linux-azure    < 5.15.0-1008.9            UNKNOWN

Rows 1-10 of 531
