PT-2022-14570 · Google · Android

Published

2022-08-01

Updated

2025-10-20

CVE-2022-20345

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions Android-12 through Android-12L

Description In the l2cble process sig cmd function of l2c ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android versions Android-12 through Android-12L, update to the latest security patch level, which includes the fixes for this issue. As a temporary workaround, consider disabling Bluetooth functionality until the update is applied. Restrict access to the l2cble process sig cmd function to minimize the risk of exploitation.

Fix

RCE

Memory Corruption

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-77

Related Identifiers

ASB-A-230494481

CVE-2022-20345

Affected Products

Android

PT-2022-14570 · Google · Android

CVE-2022-20345

Weakness Enumeration

Related Identifiers

Affected Products

References · 10