PT-2022-14430 · Google · Android
Published
2022-06-15
·
Updated
2025-01-15
·
CVE-2022-20201
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions Android-12L
Description
In the
getAppSize function of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Recommendations
For Android version Android-12L, consider applying a patch or update that fixes the missing bounds check in the
getAppSize function of InstalldNativeService.cpp to prevent local escalation of privilege. As a temporary workaround, restrict access to the InstalldNativeService to minimize the risk of exploitation.Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android