PT-2021-1504 · Google+7 · Android Kernel+7
Published
2021-07-16
·
Updated
2024-02-02
·
CVE-2022-20141
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Android kernel versions (affected versions not specified)
Description:
The issue is related to the implementation of the
ip check mc rcu() function in the Inet Sockets component of the Android kernel, which involves the use of memory after it has been freed due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets, with no additional execution privileges needed. User interaction is not required for exploitation.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Race Condition
Improper Locking
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Android Kernel
Astra Linux
Centos
Red Hat
Suse
Ubuntu