CVE-2022-20113

Name of the Vulnerable Software and Affected Versions Android versions Android-12 through Android-12L

Description A logic error in the DefaultUsbConfigurationPreferenceController.java could allow for the enablement of file transfer mode, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions Android-12 through Android-12L, consider restricting the use of the DefaultUsbConfigurationPreferenceController until a patch is available. As a temporary workaround, avoid using the file transfer mode to minimize the risk of exploitation.