CVE-2022-20373

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a possible use after free due to a race condition in the st21nfc loc set polaritymode function of fc/st21nfc.c. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android kernel, consider applying a patch to fix the use after free issue in the st21nfc loc set polaritymode function as a permanent solution. As a temporary workaround, consider restricting access to the fc/st21nfc.c module to minimize the risk of exploitation.