CVE-2022-20224Out-of-bounds Read in Google Android

CWE-125Out-of-bounds Read6 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform System BTGoogle Android
Timeline
PublishedJul 13
Latest updateNov 24

Description

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220732646

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/androidAndroid-10 Android-11 Android-12 Android-12L
NVDgoogle/android4 versions+3
Androidplatform/system_bt10:010:2022-07-01+2

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

4
OSV
imagemagick vulnerabilities2022-11-24
GHSA
GHSA-vmwq-gw9g-wqfq: In AT_SKIP_REST of bta_hf_client_at2022-07-14
CVEList
CVE-2022-20224: In AT_SKIP_REST of bta_hf_client_at2022-07-13
OSV
CVE-2022-20224: In AT_SKIP_REST of bta_hf_client_at2022-07-01

📋Vendor Advisories

1
Android
CVE-2022-20224: Android Security Bulletin 2022-07-01 CVE: CVE-2022-20224 Severity: HIGH Type: ID Affected AOSP versions: 10, 11, 12, 12L References: A-2207326462022-07-01
CVE-2022-20224 — Out-of-bounds Read in Google Android | cvebase