VDB
CVE-2022-20007
CVE-2022-20007
PUBLISHED
CVSS 6.199999809265137 MEDIUM
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
EPSS 0.02% · 6.5th percentile
Risk Scores
CVSS 2.0
6.199999809265137
EPSS Score
0.02%
6.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Android | Android-10 Android-11 Android-12 Android-12L |
| android | 10.0, 11.0, 12.0 |
Exploit Intelligence
- pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20007 (github-poc)
- https://source.android.com/security/bulletin/2022-05-01 (circl)
Timeline
- May 3, 2022 CVE Published
- May 11, 2022 EPSS Score
- May 17, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Aug 19, 2022 EPSS Score
- Oct 7, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 13, 2023 EPSS Score
- Mar 4, 2023 EPSS Score
- Apr 22, 2023 EPSS Score
- Jun 10, 2023 EPSS Score
- Jul 29, 2023 EPSS Score