CVE-2022-20280

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue is related to a possible read of protected data due to improper input validation, specifically SQL injection, in the MMSProvider. This could lead to local information disclosure of sms/mms data, requiring User execution privileges. No user interaction is needed for exploitation.

Recommendations For Android version Android-13, consider restricting access to sensitive data until a patch is available. As a temporary workaround, review and limit the use of SQL queries in the MMSProvider to minimize the risk of exploitation.