CVE-2022-20421

Updated: 2024-11-24 05:15:56.996887

Description:

In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-13 03:22:11
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2023-04-28 00:39:26
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2023-04-13 08:50:33
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-13 03:22:11
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2023-04-13 03:22:11
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Not Vulnerable 2023-02-23 07:39:48
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released 2023-04-27 14:05:03
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Released 2023-11-06 02:37:19