CVE-2022-20210 — Google Android vulnerability
4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 66.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 15
Latest updateJun 16
Description
The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9