PT-2022-14367 · Google · Android+1

Published

2022-06-01

Updated

2022-06-23

CVE-2022-20125

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-12L

Description In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android versions Android-10 through Android-12L, update to a version that includes the fix for the sandbox escape issue in GBoard. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ASB-A-194402515

CVE-2022-20125

Affected Products

Android

Gboard

PT-2022-14367 · Google · Android+1

CVE-2022-20125

Related Identifiers

Affected Products

References · 5