PT-2022-1372 · Google+3 · Android Kernel+3

Published

2022-08-18

Updated

2025-06-30

CVE-2022-20421

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android kernel versions (affected versions not specified)

Description The issue is related to a use after free vulnerability in the Android kernel's binder system, which can lead to local escalation of privilege without requiring additional execution privileges. User interaction is not needed for exploitation. The vulnerability is associated with the binder inc ref for node function in binder.c.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ASB-A-239630375

BDU:2023-00455

CVE-2022-20421

DLA-3173-1

DSA-5257-1

DSA-5257-2

MGASA-2022-0379

MGASA-2022-0380

OESA-2022-2013

OESA-2022-2014

OESA-2022-2015

USN-5790-1

USN-5791-1

USN-5791-2

USN-5791-3

USN-5792-1

USN-5792-2

USN-5793-1

USN-5793-2

USN-5793-3

USN-5793-4

USN-5815-1

USN-5877-1

Affected Products

Android Kernel

Astra Linux

Linuxmint

Ubuntu

PT-2022-1372 · Google+3 · Android Kernel+3

CVE-2022-20421

Weakness Enumeration

Related Identifiers

Affected Products

References · 125