CVE-2022-20385

Name of the Vulnerable Software and Affected Versions Android versions (affected versions not specified)

Description The issue is related to a function called nla parse, which fails to check the length of a parameter, allowing userspace to control nla type. This can lead to out-of-bounds (OOB) access of the policy array, specifically policy[type], where type can be manipulated and maxtype is set to GSCAN MAX.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.