CVE-2022-20302 — Google Android vulnerability

2 documents2 sources

Severity

7.6HIGHNVD

EPSS

0.0%

top 90.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedAug 12

Latest updateAug 13

Description

In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200746457

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5google/androidAndroid-13

▶NVDgoogle/android13.0

🔴Vulnerability Details

GHSA

GHSA-hrm5-m82q-59wm: In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape↗2022-08-13

▶