CVE-2022-20010 — Out-of-bounds Read in Google Android

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 38.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform System BT Google Android

Timeline

PublishedMay 10

Latest updateMay 11

Description

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213519176

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/androidAndroid-12 Android-12L

▶NVDgoogle/android12.0, 12.1+1

▶Androidplatform/system_bt12:0 — 12:2022-05-01+1

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-q3xv-j4gf-rpqq: In l2cble_process_sig_cmd of l2c_ble↗2022-05-11

▶

CVEList

CVE-2022-20010: In l2cble_process_sig_cmd of l2c_ble↗2022-05-10

▶

OSV

CVE-2022-20010: In l2cble_process_sig_cmd of l2c_ble↗2022-05-01

▶

📋Vendor Advisories

Android

CVE-2022-20010: Android Security Bulletin 2022-05-01 CVE: CVE-2022-20010 Severity: HIGH Type: ID Affected AOSP versions: 12, 12L References: A-213519176↗2022-05-01

▶