Arbitrary code execution in Google Android - CVE-2022-20469

 

Arbitrary code execution in Google Android - CVE-2022-20469

Published: December 7, 2022 / Updated: December 7, 2022


Vulnerability identifier: #VU69989
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20469
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows an attacker to compromise the affected device.

The vulnerability exists due to insufficient validation of untrused input within the Bluetooth component. An attacker with physical proximity to device can pass specially crafted input to the system and execute arbitrary code.


How to mitigate CVE-2022-20469

Install updates from vendor's website.

Sources