SB2022100403 - Multiple vulnerabilities in Google Android
Published: October 4, 2022 Updated: September 19, 2025
Description
This security bulletin contains information about 47 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-33217)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Qualcomm IPC. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
2) Improper Validation of Array Index (CVE-ID: CVE-2022-25720)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an improper validation of an array index in WLAN HOST during connect/roaming. A remote attacker can send specially crafted traffic to the device and execute arbitrary code.
3) Use-after-free (CVE-ID: CVE-2022-22077)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Graphics component. A local application can trigger a use-after-free in graphics dispatcher logic and execute arbitrary code with elevated privileges.
4) Use-after-free (CVE-ID: CVE-2022-25723)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Multimedia Frameworks. A local application can trigger a use-after-free during callback registration failure and execute arbitrary code with elevated privileges.
5) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2022-33214)
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the Display component. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
6) Cryptographic issues (CVE-ID: CVE-2022-25718)
CWE-ID: CWE-310 - Cryptographic Issues
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper checking of a return value during the authentication handshake within the WLAN component. A remote attacker can perform a MitM attack.
7) Integer overflow (CVE-ID: CVE-2022-25748)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the WLAN component when handling GTK frames. A remote attacker can send specially crafted traffic to the device, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Double Free (CVE-ID: CVE-2022-25660)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the kernel component. A local application can trigger a double free error and execute arbitrary code with elevated privileges.
9) Untrusted Pointer Dereference (CVE-ID: CVE-2022-25661)
CWE-ID: CWE-822 - Untrusted Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
10) Buffer overflow (CVE-ID: CVE-2022-25687)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing ASF clips within the Video component. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) Out-of-bounds read (CVE-ID: CVE-2022-25736)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the WLAN Firmware when handling VHT action frames. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2022-25749)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the WLAN Firmware when handling MDNS frames. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
13) Deserialization of Untrusted Data (CVE-ID: CVE-2022-26471)
CWE-ID: CWE-502 - Deserialization of Untrusted Data
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insecure input validation when processing serialized data within the telephony service. A local application can pass specially crafted data to the affected service and execute arbitrary code with elevated privileges.
14) Deserialization of Untrusted Data (CVE-ID: CVE-2022-26472)
CWE-ID: CWE-502 - Deserialization of Untrusted Data
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20425)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in the System component. A local application can execute arbitrary code with elevated privileges.
16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20416)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in the System component. A local application can execute arbitrary code with elevated privileges.
17) Information disclosure (CVE-ID: CVE-2022-20418)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error in the media framework. A local application can gain unauthorized access to sensitive information on the system.
18) Information disclosure (CVE-ID: CVE-2022-20413)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error in the media framework. A local application can gain unauthorized access to sensitive information on the system.
19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20415)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions within the Android framework. A local application can execute arbitrary code with elevated privileges.
20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39758)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions within WindowManager. A local application can execute arbitrary code with elevated privileges.
21) Improper access control (CVE-ID: CVE-2022-20351)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in the Android framework. A local application can gain access to sensitive information.
22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20420)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Android framework. A local application can escalate privileges on the system.
23) Information disclosure (CVE-ID: CVE-2022-20419)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error in the Android framework. A local application can gain unauthorized access to sensitive information on the system.
24) Improper access control (CVE-ID: CVE-2022-20410)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
25) Improper access control (CVE-ID: CVE-2022-20394)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
26) Improper access control (CVE-ID: CVE-2021-39673)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in the System component. A local application can bypass implemented security restrictions and gain access to sensitive information.
27) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20412)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in the System component. A local application can execute arbitrary code with elevated privileges.
28) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20417)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in the System component. A local application can execute arbitrary code with elevated privileges.
29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20440)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC component. A local application can execute arbitrary code with elevated privileges.
30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20433)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
31) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20432)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
32) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20431)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20430)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
34) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0699)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
35) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0951)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
36) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0696)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20409)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to missing checks when working with concurrent tasks in the io_uring implementation. A local application can escalate privileges on the system.
38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20424)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to missing checks when working with concurrent tasks in the io_uring implementation. A local application can escalate privileges on the system.
39) Integer overflow (CVE-ID: CVE-2022-20423)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an integer overflow within the rndis_set_response() function in drivers/usb/gadget/function/rndis.c in the Linux kernel. A local application can trigger an integer overflow and execute arbitrary code with elevated privileges.
40) Out-of-bounds write (CVE-ID: CVE-2022-20422)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within emulation_proc_handler() in armv8 emulation in arch/arm64/kernel/armv8_deprecated.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
41) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20439)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC component. A local application can execute arbitrary code with elevated privileges.
42) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20438)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC component. A local application can execute arbitrary code with elevated privileges.
43) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20437)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC component. A local application can execute arbitrary code with elevated privileges.
44) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20436)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC component. A local application can execute arbitrary code with elevated privileges.
45) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20435)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC component. A local application can execute arbitrary code with elevated privileges.
46) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20434)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
47) Race condition (CVE-ID: CVE-2022-20421)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the Binder driver in the Android kernel in drivers/android/binder.c. A local application can exploit the race to trigger a use-after-free error and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://source.android.com/docs/security/bulletin/2022-10-01
- https://source.android.com/docs/security/bulletin/2022-10-01#2022-10-01-security-patch-level-vulnerability-details
- https://source.android.com/docs/security/bulletin/2022-10-01#2022-10-05-security-patch-level-vulnerability-details
- https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
- https://android.googlesource.com/kernel/common/+/812805ff3b0c7
- https://android.googlesource.com/kernel/common/+/29f077d070519
- https://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e
- https://android.googlesource.com/kernel/common/+/28bc0267399f4
- https://lore.kernel.org/all/20220301080424.GA17208@kili/
- https://lore.kernel.org/all/20220128090324.2727688-1-hewenliang4@huawei.com/
- https://lore.kernel.org/all/9A004C03-250B-46C5-BF39-782D7551B00E@tencent.com/
- https://android.googlesource.com/kernel/common/+/885349f53dd73
- https://android.googlesource.com/kernel/common/+/19bb609b45fb
- https://lore.kernel.org/all/20220801182511.3371447-1-cmllamas@google.com/