VDB

CISA-2022-20598

CISA-2022-20598 PUBLISHED CVSS 7.8 HIGH

Reported by google_android · Published December 16, 2022

In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
n/aAndroidAndroid kernel
n/aAndroidAndroid kernel, Android kernel

Timeline

  • Dec 16, 2022 CVE Published
  • Apr 18, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›