CVE: CVE-2022-20141

Export to Word

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00034
Percentile: 0.08051

CVSS Scoring

CVSS v3.1 Score: 7.0

Severity: HIGH

Mapped CWE(s)

CWE-362 : Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416 : Use After Free
CWE-667 : Improper Locking

All CAPEC(s)

CAPEC-25: Forced Deadlock
CAPEC-26: Leveraging Race Conditions
CAPEC-27: Leveraging Race Conditions via Symbolic Links
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CAPEC(s) with Mapped TTPs

CAPEC-25: Forced Deadlock
Mapped TTPs:
- T1499.004 : Application or System Exploitation

Mapped ATT&CK TTPs

T1499.004 : Application or System Exploitation
Kill Chain: impact

Malware

Industroyer

APTs Threat Group Associations

Campaigns

Affected Products

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

← Back to Home