PT-2022-4763 · Google · Android Kernel

Published: 2022-06-06 · Updated: 2025-02-11 · CVE-2022-20186

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Android kernel

Description

The issue is related to improper input validation in the kbase_mem_alias function of mali_kbase_mem_linux.c, which could lead to arbitrary code execution and local escalation of privilege without requiring additional execution privileges. User interaction is not needed for exploitation. The vulnerability allows mapping arbitrary physical pages to the GPU memory with both read and write access, enabling arbitrary kernel code execution.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-05663
CVE-2022-20186

Affected Products

Android Kernel