CVE-2022-20568

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a use after free condition that could corrupt kernel memory, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation. The problem is also associated with the io statx() function in the fs/io uring.c module of the io uring component in the Linux kernel, which can lead to a denial of service or privilege escalation.

Recommendations For Android kernel, consider applying a patch from the upstream kernel to resolve the issue. As a temporary workaround, consider restricting access to the io uring component until a patch is available. Avoid using the io statx() function in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.