CVE-2022-20229
published 2022-07-13


Priority: P261 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.08% (79.1th percentile)

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-10 Android-11 Android-12 Android-12L
Android ID: A-224536184

Affected

9 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| platform | system_bt | >= 10:0 < 10:2022-07-01 | 10:2022-07-01 |
| platform | system_bt | >= 11:0 < 11:2022-07-01 | 11:2022-07-01 |
| platform | system_bt | >= 12:0 < 12:2022-07-01 | 12:2022-07-01 |

Detection & IOCs (extracted from sources)

  • Vulnerability is in bta_hf_client_handle_cind_list_item function within bta_hf_client_at.cc — monitor for anomalous Bluetooth HF Client AT command parsing activity or crashes in this component
  • No user interaction required and no additional privileges needed — exploitation can occur silently over Bluetooth, making passive Bluetooth traffic anomalies a detection signal
  • Affected Android versions are 10, 11, 12, and 12L — prioritize detection and patching on devices running these AOSP versions
  • This is a critical-severity RCE with no user interaction required, classified under the Bluetooth stack (HF Client profile). No public exploit code or network-based IOCs (hashes, IPs, domains) are referenced in the available sources — detection must rely on behavioral/patch-level signals.

CVSS provenance

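| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |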