#VU63352 Use of uninitialized resource in Google Android - CVE-2022-20008
Published: May 18, 2022
Vulnerability identifier: #VU63352
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20008
CWE-ID: CWE-908
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local application to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources within the mmc_blk_read_single() function in block.c. A local application can obtain potentially sensitive information from memory when reading from an SD card that triggers errors.
Remediation
Install updates from vendor's website.
External links
- https://source.android.com/security/bulletin/2022-05-01
- https://android.googlesource.com/kernel/common/+/2aea7dc18f4249dc53e53598db50b59c26a60aeb
- https://android.googlesource.com/kernel/common/+/8a3679a75730c1babde6bf63e35d227f3305bd90
- https://android.googlesource.com/kernel/common/+/8f66dc1a78a743ea3c3f039500d2aa0cddd776d5