exploitDog

CVE-2022-20461

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963

Ссылки

https://source.android.com/security/bulletin/2023-01-01
Vendor Advisory
https://source.android.com/security/bulletin/2023-01-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.0005

Низкий

7.8 High

CVSS3

Дефекты

CWE-843

CWE-843

Связанные уязвимости

GHSA-mhx4-xrcq-h9g5

CVSS3: 7.8

github

около 3 лет назад

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963

EPSS

Процентиль: 15%

0.0005

Низкий

7.8 High

CVSS3

Дефекты

CWE-843

CWE-843