CVE-2022-20549
CVE-2022-20549
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Android