CVE-2022-20128 — Packages Modules ADB vulnerability

1 documents1 sources

Severity

—N/A

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Modules ADB Platform System Core

Timeline

PublishedJun 1

Description

In finishLsImpl of file_sync_client.cpp, there is a possible way to access host's files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Packages2 packages

▶Androidplatform/system_core10:0 — 10:2022-06-01+1

▶Androidplatform/packages_modules_adb12L-next:0 — 12L-next:2022-06-01+2

🔴Vulnerability Details

OSV

CVE-2022-20128: In finishLsImpl of file_sync_client↗2022-06-01

▶