CVE-2022-20421

Summary

CVE	CVE-2022-20421
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-10-11 20:15:00 UTC
Updated	2022-12-03 02:42:00 UTC
Description	In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Google	Android	-	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-5257-1 linux	DEBIAN	www.debian.org
[SECURITY] [DLA 3173-1] linux-5.10 security update	MLIST	lists.debian.org
Android Security Bulletin—October 2022 \| Android Open Source Project	MISC	source.android.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181105 Debian Security Update for linux (CVE-2022-20421)
181145 Debian Security Update for linux (DSA 5257-1)
181190 Debian Security Update for linux-5.10 (DLA 3173-1)
199087 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5792-1)
199088 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5791-1)
199089 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5793-1)
199090 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5790-1)
199091 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5791-2)
199094 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5792-2)
199096 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5793-2)
199098 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-5793-4)
199099 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5793-3)
199100 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5791-3)
199119 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-5815-1)
199179 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5877-1)
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
610437 Google Android Devices October 2022 Security Patch Missing
610444 Google Android November 2022 Security Patch Missing for Samsung
610445 Google Android November 2022 Security Patch Missing for Huawei EMUI