CVE-2022-32590Improper Check for Unusual or Exceptional Conditions in Google Android

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-755Improper Handling of Exceptional Conditions3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 94.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google AndroidLinuxfoundation Yocto
Timeline
PublishedOct 7
Latest updateOct 8

Description

In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDgoogle/android11.0, 12.0+1
NVDlinuxfoundation/yocto3.1, 3.3+1

🔴Vulnerability Details

2
GHSA
GHSA-5fhf-cvqm-hg98: In wlan, there is a possible use after free due to an incorrect status check2022-10-08
CVEList
CVE-2022-32590: In wlan, there is a possible use after free due to an incorrect status check2022-10-07
CVE-2022-32590 — Google Android vulnerability | cvebase