CVE-2022-20008

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-20008
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-20008.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-20008
Aliases
Downstream
Related
Published
2022-05-10T20:15:09Z
Modified
2025-08-09T20:01:26Z
Severity
  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In mmcblkread_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel

References

Affected packages