CVE-2022-20583

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a possible out of bounds write due to improper input validation in the ppmp unprotect mfcfw buf function of drm fw.c. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android kernel, apply the necessary patch to fix the improper input validation issue in the ppmp unprotect mfcfw buf function of drm fw.c. As a temporary workaround, consider restricting access to the drm fw.c module to minimize the risk of exploitation.