Lucene search

Ubuntu.comUB:CVE-2022-20153

HistoryJun 15, 2022 - 12:00 a.m.

CVE-2022-20153

2022-06-1500:00:00

ubuntu.com

vulnerability

use-after-free

android kernel

privilege escalation

system execution

locking

exploitation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible
use-after-free due to improper locking. This could lead to local escalation
of privilege in the kernel with System execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions:
Android kernelAndroid ID: A-222091980References: Upstream kernel

References

git.kernel.org/linus/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (5.13-rc1)

launchpad.net/bugs/cve/CVE-2022-20153

nvd.nist.gov/vuln/detail/CVE-2022-20153

security-tracker.debian.org/tracker/CVE-2022-20153

source.android.com/security/bulletin/pixel/2022-06-01

www.cve.org/CVERecord?id=CVE-2022-20153

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2022-20153