CVE-2022-20436 There is an unauthorized service in the system service
We can find this type of exploitation in any system with a component without permission check. In most cases, it was used in the system
CVE-2022-20417 AudioTransportsToHal in HidlUtils.cpp has a possible out of bounds write due to a bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
An out of bounds write has been found in the audioTransportToHal() function of HidlUtils.cpp. By sending a large audio chunk (at least 10MB) in
CVE-2022-20410 Avrc_pars_ctrl_pars_vendor_rsp has an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.
This issue has been fixed in the latest Google Android releases. Google released the patch updated for these versions: Android 6.0.1, 7.0,
CVE-2022-20422 In the armv8_deprecated.c emulation_proc_handler, there is a race condition that can corrupt memory. This could lead to local escalation of privilege with no additional execution privileges needed.
This issue has been addressed by Google by updating the kernel. It is recommended to apply the vendor updates as soon as possible. At the
CVE-2022-20423 In rndis_set_response of rndis.c, there is an integer overflow that could lead to local escalation of privilege if a malicious USB device is attached.
This issue has been fixed in the latest version of the kernel as of version 4.15. The update can be installed using the standard
Episode
00:00:00
00:00:00