CVE-2022-20146

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a possible incorrect file access due to a confused deputy in the uploadFile method of FileUploadServiceImpl.java. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not required for exploitation.

Recommendations For Android kernel, consider restricting access to sensitive files until a patch is available. As a temporary workaround, review file access permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.