PT-2022-14387 · Google · Android Kernel
Published
2022-06-15
·
Updated
2022-06-24
·
CVE-2022-20155
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android kernel
Description
The issue is related to a possible use-after-free due to a race condition in the ipu core jqs msg transport kernel write sync function of ipu-core-jqs-msg-transport.c. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.
Recommendations
For Android kernel, consider applying a patch to fix the use-after-free issue in the ipu core jqs msg transport kernel write sync function as a permanent solution. As a temporary workaround, restrict access to the affected kernel module to minimize the risk of exploitation.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android Kernel