{"api_version":"1","generated_at":"2026-04-22T23:08:47+00:00","cve":"CVE-2022-20008","urls":{"html":"https://cve.report/CVE-2022-20008","api":"https://cve.report/api/cve/CVE-2022-20008.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-20008","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-20008"},"summary":{"title":"CVE-2022-20008","description":"In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel","state":"PUBLIC","assigner":"security@android.com","published_at":"2022-05-10 20:15:00","updated_at":"2022-05-16 16:04:00"},"problem_types":["CWE-908"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2022-05-01","name":"https://source.android.com/security/bulletin/2022-05-01","refsource":"MISC","tags":[],"title":"Android Security Bulletin—May 2022  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-20008","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-20008","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"20008","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-20008","qid":"179262","title":"Debian Security Update for linux (CVE-2022-20008)"},{"cve":"CVE-2022-20008","qid":"198782","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5417-1)"},{"cve":"CVE-2022-20008","qid":"198785","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5415-1)"},{"cve":"CVE-2022-20008","qid":"376925","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)"},{"cve":"CVE-2022-20008","qid":"610413","title":"Google Android Devices May 2022 Security Patch Missing"},{"cve":"CVE-2022-20008","qid":"610419","title":"Google Android June 2022 Security Patch Missing for Samsung"},{"cve":"CVE-2022-20008","qid":"610420","title":"Google Android June 2022 Security Patch Missing for Huawei EMUI"},{"cve":"CVE-2022-20008","qid":"671915","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-1969)"},{"cve":"CVE-2022-20008","qid":"671975","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2159)"},{"cve":"CVE-2022-20008","qid":"672045","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2225)"},{"cve":"CVE-2022-20008","qid":"672391","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-2767)"},{"cve":"CVE-2022-20008","qid":"672653","title":"EulerOS Security Update for kernel (EulerOS-SA-2023-1388)"},{"cve":"CVE-2022-20008","qid":"752228","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2078-1)"},{"cve":"CVE-2022-20008","qid":"752669","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3587-1)"},{"cve":"CVE-2022-20008","qid":"752671","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3584-1)"},{"cve":"CVE-2022-20008","qid":"752702","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3693-1)"},{"cve":"CVE-2022-20008","qid":"752708","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3704-1)"},{"cve":"CVE-2022-20008","qid":"752724","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3775-1)"},{"cve":"CVE-2022-20008","qid":"753296","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2177-1)"},{"cve":"CVE-2022-20008","qid":"753368","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2079-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-20008","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android kernel"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2022-05-01","url":"https://source.android.com/security/bulletin/2022-05-01"}]},"description":{"description_data":[{"lang":"eng","value":"In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel"}]}},"nvd":{"publishedDate":"2022-05-10 20:15:00","lastModifiedDate":"2022-05-16 16:04:00","problem_types":["CWE-908"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.6,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"20008","Ordinal":"217883","Title":"CVE-2022-20008","CVE":"CVE-2022-20008","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"20008","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}