CVE-2022-2209: Frameworks AV vulnerability

3 documents, 3 sources
Severity: N/A (no vector)
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Jul 23; latest update Nov 1

Description

io_uring uses work_flags to determine which identity it needs to grab from the calling process, so that it stays consistent with the calling process when executing IORING_OP. The mapping of flags is incomplete, which leads to multiple incorrect reference counts and hence use-after-free. We recommend upgrading past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859.

Affected Packages (1 package)

Android, platform/frameworks_av, 10:010:2022-11-01+4

🔴 Vulnerability Details (2)

OSV: CVE-2022-2209: In getSecurityLevel and setSecurityLevel of DrmPlugin (2022-11-01)
GHSA: GHSA-93qq-m35f-rfvj: io_uring uses work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when (2022-07-23)

📋 Vendor Advisories (1)

Android: CVE-2022-2209: Android Security Bulletin 2022-11-01 (2022-11-01)
CVE: CVE-2022-2209
Severity: HIGH
Type: EoP
Affected AOSP versions: 10, 11, 12, 12L, 13
References: A-235601882