exploitDog

CVE-2022-20598

Опубликовано: 16 дек. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A

Ссылки

https://source.android.com/security/bulletin/pixel/2022-12-01
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2022-12-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00037

Низкий

7.8 High

CVSS3

Дефекты

CWE-190

CWE-190

Связанные уязвимости

GHSA-vqpx-8xr2-92j5

CVSS3: 7.8

github

около 3 лет назад

In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A

EPSS

Процентиль: 11%

0.00037

Низкий

7.8 High

CVSS3

Дефекты

CWE-190

CWE-190