CVE-2022-20198

Name of the Vulnerable Software and Affected Versions Android versions Android-12L

Description In the llcp dlc proc connect pdu function of llcp dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-12L, update to a version that includes the fix for the issue in llcp dlc proc connect pdu of llcp dlc.cc. As a temporary workaround, consider restricting access to the NFC stack to minimize the risk of exploitation.