CVE-2022-20549: Out-of-bounds Write in System Keymaster

Severity: 6.7 MEDIUM (NVD)
EPSS: 0.0% (top 96.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 16
Latest update: Dec 20

Description

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-13
Android ID: A-242702451

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (3 packages)

Android | platform/system_keymaster | 13:0 | 13:2022-12-01
CVEListV5 | google/android | Android-13
NVD | google/android | 13.0

Patches

Vulnerability Details (2)

GHSA | GHSA-4xvc-v6c2-656r: In authToken2AidlVec of KeyMintUtils | 2022-12-20
OSV | CVE-2022-20549: In authToken2AidlVec of KeyMintUtils | 2022-12-01