Arbitrary code execution in Google Android - CVE-2022-20411

 

Published: December 7, 2022 / Updated: December 7, 2022


Vulnerability identifier: #VU69988
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20411
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Google Android
Software vendor: Google

Description

The vulnerability allows an attacker to compromise the affected device.

The vulnerability exists due to insufficient validation of untrusted input within the Bluetooth component. An attacker with physical proximity to the device can pass specially crafted input to the system and execute arbitrary code.


Remediation

Install updates from the vendor's website.

External links