Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20094


In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734.


Published

2022-05-03T20:15:08.573

Last Modified

2024-11-21T06:42:08.403

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-787

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 11.0 Yes
Operating System google android 12.0 Yes
Hardware mediatek mt6771 - No
Hardware mediatek mt6779 - No
Hardware mediatek mt6781 - No
Hardware mediatek mt6785 - No
Hardware mediatek mt6833 - No
Hardware mediatek mt6853 - No
Hardware mediatek mt6873 - No
Hardware mediatek mt6885 - No
Hardware mediatek mt6893 - No
Hardware mediatek mt8788 - No
Hardware mediatek mt8797 - No

References