PT-2021-1525 · Google+1 · Android Kernel+1
Published: 2021-02-21 · Updated: 2023-08-06
CVE-2022-20409
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Android kernel
Description
The issue is a use after free in the io_uring subsystem of the Linux kernel, which could lead to local escalation of privilege, with System execution privileges needed. User interaction is not required for exploitation. This could impact the confidentiality, integrity, and availability of protected information or allow an attacker to elevate their privileges.
Recommendations
For Android kernel, consider applying a patch from the upstream kernel to resolve the issue.
As a temporary workaround, consider restricting access to the io_uring subsystem until a patch is available.
Avoid using the io_identity_cow function in the affected io_uring.c file until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Android Kernel
Astra Linux