CVE-2022-20474
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294
En readLazyValue de Parcel.java, existe una posible carga de código arbitrario en la aplicación Configuración del sistema debido a un problema de tipo confused deputy. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. Producto: AndroidVersiones: Android-10 Android-11 Android-12 Android-12L Android-13ID de Android: A-240138294
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-14 CVE Reserved
- 2022-12-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-12-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/cxxsheng/CVE-2022-20474 | 2024-12-01 |
| URL | Date | SRC |
|---|---|---|
| https://source.android.com/security/bulletin/2022-12-01 | 2022-12-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 10.0 Search vendor "Google" for product "Android" and version "10.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 11.0 Search vendor "Google" for product "Android" and version "11.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.0 Search vendor "Google" for product "Android" and version "12.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.1 Search vendor "Google" for product "Android" and version "12.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 13.0 Search vendor "Google" for product "Android" and version "13.0" | - |
Affected
| ||||||