Vulnerability Details CVE-2022-20423
In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.3%
CVSS Severity
CVSS v3 Score 4.6
References