CVE-2022-25681 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 69.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedDec 13

Description

Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-mph7-2393-pmmf: Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Sn↗2022-12-13

▶

📋Vendor Advisories

Android

CVE-2022-25681: Closed-source component↗2022-12-01

▶