VDB
PUB-A-205573273
PUB-A-205573273
PUBLISHED
CVSS 8.600000381469727 HIGH
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS v4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | :linux_kernel: | Kernel, :0, Kernel |
Timeline
- Aug 1, 2022 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2022-08-01 advisory
- https://android.googlesource.com/kernel/common/+/721fb79e0eccd371a70054726dfe6931e6ed23e4 patch
- https://android.googlesource.com/kernel/common/+/0d752f78b20dbe4eeb9bc76f118889f1898948ca patch
- https://android.googlesource.com/kernel/common/+/f48f8f7c3fdc21f34c45a7b3eeafb3109cf3340f patch
- https://android.googlesource.com/kernel/common/+/7f04e0c309811e762872a7ce71fba9cb359dd2c0 patch
- https://android.googlesource.com/kernel/common/+/b6b3781a patch
- https://android.googlesource.com/kernel/common/+/618a931c patch