PT-2022-14363 · Google · Android Kernel

Published

2022-05-10

Updated

2022-05-17

CVE-2022-20121

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a missing permission check in the USCCDMPlugin.java file, specifically in the getNodeValue method. This could lead to the disclosure of ICCID, resulting in local information disclosure. No additional execution privileges are required for exploitation, and user interaction is not necessary.

Recommendations For Android kernel, consider implementing a permission check in the getNodeValue method of USCCDMPlugin.java to prevent unauthorized access to sensitive information. As a temporary workaround, restrict access to the USCCDMPlugin.java module to minimize the risk of exploitation.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2022-20121

Affected Products

Android Kernel

PT-2022-14363 · Google · Android Kernel

CVE-2022-20121

Weakness Enumeration

Related Identifiers

Affected Products

References · 2