CVE-2022-20224
 
Public Exploits: 2
Exploited in Wild: -
Descriptions
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-220732646
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-10-14 CVE Reserved
- 2022-07-13 CVE Published
- 2022-08-18 First Exploit
- 2024-02-03 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
References (3)
URL | Date | SRC |
---|---|---|
https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2022-20224 | 2022-08-18 | |
https://github.com/hshivhare67/platform_system_bt_AOSP10_r33_CVE-2022-20224 | 2023-04-06 | |
https://source.android.com/security/bulletin/2022-07-01 | 2022-07-26 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Google | Android | 10.0 | - | Affected |
Google | Android | 11.0 | - | Affected |
Google | Android | 12.0 | - | Affected |
Google | Android | 12.1 | - | Affected |