CVE-2022-20423

Name of the Vulnerable Software and Affected Versions Android kernel versions (affected versions not specified)

Description The issue is related to an integer overflow in the rndis set response function of the rndis.c file, which could lead to a local escalation of privilege. This can occur if a malicious USB device is attached, with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations For Android kernel, consider disabling the rndis set response function until a patch is available to prevent potential exploitation. Restrict access to USB devices to minimize the risk of escalation of privilege. At the moment, there is no information about a newer version that contains a fix for this vulnerability.