CVE-2022-20140
Published: 2022-06-15
Priority P262 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 8.52% (94.4th percentile)
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-12, Android-12L
Android ID: A-227618988
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | packages_modules_bluetooth | >= 12L-next:0 < 12L-next:2022-06-01 | 12L-next:2022-06-01 |
| platform | system_bt | >= 12:0 < 12:2022-06-01 | 12:2022-06-01 |
| platform | system_bt | >= 12L:0 < 12L:2022-06-01 | 12L:2022-06-01 |
Detection & IOCs (extracted from sources)
- Vulnerability is in the Bluetooth GATT server code path — specifically the `read_multi_rsp` function in `gatt_sr.cc`. Monitor for anomalous Bluetooth GATT Read Multiple responses that trigger out-of-bounds writes on Android 12 / 12L devices.
- No user interaction is required and no additional execution privileges are needed — exploitation can be triggered remotely over Bluetooth, making this a zero-click remote attack vector. Prioritize detection of unexpected Bluetooth GATT traffic to unpatched Android 12/12L devices.
- Affected platform versions are Android 12 and Android 12L only. Scope detection and patch-verification efforts to devices running these specific AOSP versions.
- This is rated CRITICAL severity (EoP) by Android Security Bulletin June 2022. Patch is tracked under Android bug ID A-227618988; verify devices have applied the 2022-06-01 security patch level or later.
CVSS provenance
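| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |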
GHSA
GHSA-p9wg-rw4x-5mjg: In read_multi_rsp of gatt_sr
ghsa_unreviewed·2022-06-16
CVE-2022-20140 [CRITICAL] CWE-787 GHSA-p9wg-rw4x-5mjg: In read_multi_rsp of gatt_sr
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-12, Android-12L
Android ID: A-227618988
OSV
CVE-2022-20140: In read_multi_rsp of gatt_sr
osv·2022-06-01
CVE-2022-20140 CVE-2022-20140: In read_multi_rsp of gatt_sr
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2022-20140: Android Security Bulletin 2022-06-01
CVE: CVE-2022-20140
Severity: CRITICAL
Type: EoP
Affected AOSP versions: 12, 12L
References: A-227618988
vendor_android·2022-06-01·CVSS 9.8
No detection rules found.
No public exploits indexed.