PT-2022-14761 · Google · Android
Published
2022-12-16
·
Updated
2022-12-19
·
CVE-2022-20548
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions Android-13
Description
The issue is related to a possible out of bounds write in the setParameter function of EqualizerEffect.cpp due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Recommendations
For Android version Android-13, consider restricting access to the setParameter function of EqualizerEffect.cpp until a patch is available. As a temporary workaround, ensure proper input validation for the setParameter function to prevent out of bounds writes.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android