CVE-2022-20460 : In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation.

In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239557547References: N/A

Published 2022-11-17 23:15:14

Updated 2022-11-22 16:08:20

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Exploit prediction scoring system (EPSS) score for CVE-2022-20460

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-20460

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-20460

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-20460

https://source.android.com/security/bulletin/pixel/2022-11-01

Pixel Update Bulletin—November 2022 | Android Open Source Project
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-20460

Google » Android » Version: N/A
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-20460

Exploit prediction scoring system (EPSS) score for CVE-2022-20460

CVSS scores for CVE-2022-20460

CWE ids for CVE-2022-20460

References for CVE-2022-20460

Products affected by CVE-2022-20460