CVE-2022-20461Type Confusion in Packages Modules Bluetooth

CWE-843Type Confusion6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 85.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform Packages Modules BluetoothPlatform System BTGoogle Android
Timeline
PublishedJan 26
Latest updateApr 15

Description

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/androidAndroid-10 Android-11 Android-12 Android-12L Android-13
NVDgoogle/android5 versions+4
Androidplatform/system_bt10:010:2023-01-01+2
Androidplatform/packages_modules_bluetooth13:013:2023-01-01

🔴Vulnerability Details

4
VulDB
Google Android 10.0/11.0/12.0/13.0 pinReplyNative out-of-bounds (A-228602963 / EUVD-2022-25721)2026-04-15
GHSA
GHSA-mhx4-xrcq-h9g5: In pinReplyNative of com_android_bluetooth_btservice_AdapterService2023-01-26
CVEList
CVE-2022-20461: In pinReplyNative of com_android_bluetooth_btservice_AdapterService2023-01-24
OSV
CVE-2022-20461: In pinReplyNative of com_android_bluetooth_btservice_AdapterService2023-01-01

📋Vendor Advisories

1
Android
CVE-2022-20461: Android Security Bulletin 2023-01-01 CVE: CVE-2022-20461 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11, 12, 12L, 13 References: A-2286029632023-01-01
CVE-2022-20461 — Type Confusion | cvebase