VDB
ASB-A-216481035
ASB-A-216481035
PUBLISHED
CVSS 6.900000095367432 MEDIUM
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | :linux_kernel: | :0, Kernel, :0 |
Timeline
- May 1, 2022 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2022-05-01 advisory
- https://android.googlesource.com/kernel/common/+/2aea7dc18f4249dc53e53598db50b59c26a60aeb patch
- https://android.googlesource.com/kernel/common/+/8a3679a75730c1babde6bf63e35d227f3305bd90 patch
- https://android.googlesource.com/kernel/common/+/8f66dc1a78a743ea3c3f039500d2aa0cddd776d5 patch