PT-2021-7274 · Google+2 · Android Kernel+2

Published

2021-10-14

·

Updated

2024-04-17

·

CVE-2022-20154

CVSS v3.1

6.4

Medium

VectorAV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Android kernel versions (affected versions not specified)
Description The issue is related to the use of memory after it has been freed in the lock sock nested() function of the Android kernel due to a race condition caused by incorrect synchronization of a shared resource. This could allow an attacker to escalate their privileges locally with System execution privileges. User interaction is not required for exploitation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

BDU:2022-04972
CVE-2022-20154
OESA-2022-1725
OPENSUSE-SU-2022:2549-1
OPENSUSE-SU-2022_2376-1
OPENSUSE-SU-2022_2411-1
OPENSUSE-SU-2022_2422-1
OPENSUSE-SU-2022_2520-1
OPENSUSE-SU-2022_2549-1
OPENSUSE-SU-2022_2615-1
OPENSUSE-SU-2024_0857-1
OPENSUSE-SU-2024_1321-1
SUSE-SU-2022:2376-1
SUSE-SU-2022:2377-1
SUSE-SU-2022:2382-1
SUSE-SU-2022:2393-1
SUSE-SU-2022:2407-1
SUSE-SU-2022:2411-1
SUSE-SU-2022:2424-1
SUSE-SU-2022:2424-2
SUSE-SU-2022:2435-1
SUSE-SU-2022:2438-1
SUSE-SU-2022:2443-1
SUSE-SU-2022:2444-1
SUSE-SU-2022:2445-1
SUSE-SU-2022:2446-1
SUSE-SU-2022:2460-1
SUSE-SU-2022:2461-1
SUSE-SU-2022:2482-1
SUSE-SU-2022:2515-1
SUSE-SU-2022:2516-1
SUSE-SU-2022:2520-1
SUSE-SU-2022:2549-1
SUSE-SU-2022:2615-1
SUSE-SU-2022:2629-1
SUSE-SU-2022:2809-1
SUSE-SU-2022_2435-1
SUSE-SU-2022_2460-1
SUSE-SU-2024:0856-1
SUSE-SU-2024:0857-1
SUSE-SU-2024:0925-1
SUSE-SU-2024:0926-1
SUSE-SU-2024:0975-1
SUSE-SU-2024:1321-1

Affected Products

Android Kernel
Astra Linux
Suse