Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-20479
HistoryDec 13, 2022 - 12:00 a.m.

CVE-2022-20479

2022-12-1300:00:00
ubuntu.com
ubuntu.com
12
android
notificationchannel
local escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

In NotificationChannel of NotificationChannel.java, there is a possible
failure to persist permissions settings due to resource exhaustion. This
could lead to local escalation of privilege with no additional execution
privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android-10 Android-11 Android-12 Android-12L
Android-13Android ID: A-241764340

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

Related for UB:CVE-2022-20479