PT-2022-1371 · Google+3 · Android Kernel+3

Published

2022-07-04

·

Updated

2024-04-19

·

CVE-2022-20422

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Android kernel
Description The issue is related to a race condition in the emulation proc handler function of armv8 deprecated.c, which could lead to memory corruption. This may result in local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation. The vulnerability could allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations For Android kernel, consider applying a patch from the upstream kernel to resolve the issue. As a temporary workaround, restricting access to the emulation proc handler function may help minimize the risk of exploitation.

Exploit

Fix

Race Condition

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-667

Related Identifiers

ASB-A-237540956
BDU:2023-04785
CVE-2022-20422
DLA-3173-1
OESA-2022-2013
OESA-2022-2014
OESA-2022-2015
USN-5727-1
USN-5727-2
USN-5728-1
USN-5728-2
USN-5728-3
USN-5729-1
USN-5729-2
USN-5774-1
USN-6739-1

Affected Products

Android Kernel
Astra Linux
Linuxmint
Ubuntu