CVE-2022-20422

low-risk

Published 2022-10-11

In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (2)

Android

Debian Linux

Affected Vendors

Debian Google

References (4)

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Patch https://source.android.com/security/bulletin/2022-10-01

Mailing List https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Patch https://source.android.com/security/bulletin/2022-10-01

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low