Main Vulnerability Database Exploits ID:9080 - Exploit for Race condition in Google Android - CVE-2022-20421

ID:9080 - Exploit for Race condition in Google Android - CVE-2022-20421

Published: May 21, 2023

Vulnerability identifier: #VU67865

Vulnerability risk: Low

CVE-ID: CVE-2022-20421

CWE-ID: CWE-362

Exploitation vector: Local access

Vulnerable software:
Google Android

Link to public exploit:

https://github.com/0xkol/badspin

Vulnerability description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within the Binder driver in Android kernel in drivers/android/binder.c. A local application can exploit the race to trigger a use-after-free error and execute arbitrary code with elevated privileges.

Remediation

Install updates from vendor's website.

ID:9080 - Exploit for Race condition in Google Android - CVE-2022-20421

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human