#VU69989 Arbitrary code execution in Google Android - CVE-2022-20469
Published: December 7, 2022 / Updated: December 7, 2022
Vulnerability identifier: #VU69989
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20469
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Software vendor:
Google
Description
The vulnerability allows an attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of untrusted input within the Bluetooth component. An attacker with physical proximity to the device can pass specially crafted input to the system and execute arbitrary code.
Remediation
Install updates from the vendor's website.