CVE-2022-20037Improper Input Validation in Google Android

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedFeb 9
Latest updateFeb 11

Description

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/android10.0, 11.0+1

🔴Vulnerability Details

1
GHSA
GHSA-rcf2-975r-j599: In ion driver, there is a possible information disclosure due to an incorrect bounds check2022-02-11
CVE-2022-20037 — Improper Input Validation in Google | cvebase