7.8

CVE-2022-20045

In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID: ALPS06126820.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version8.1
   MediatekMt8167 Version-
   MediatekMt8175 Version-
   MediatekMt8183 Version-
   MediatekMt8362a Version-
   MediatekMt8365 Version-
   MediatekMt8385 Version-
GoogleAndroid Version9.0
   MediatekMt8167 Version-
   MediatekMt8175 Version-
   MediatekMt8183 Version-
   MediatekMt8362a Version-
   MediatekMt8365 Version-
   MediatekMt8385 Version-
GoogleAndroid Version10.0
   MediatekMt8167 Version-
   MediatekMt8175 Version-
   MediatekMt8183 Version-
   MediatekMt8362a Version-
   MediatekMt8365 Version-
   MediatekMt8385 Version-
GoogleAndroid Version11.0
   MediatekMt8167 Version-
   MediatekMt8175 Version-
   MediatekMt8183 Version-
   MediatekMt8362a Version-
   MediatekMt8365 Version-
   MediatekMt8385 Version-
GoogleAndroid Version12.0
   MediatekMt8167 Version-
   MediatekMt8175 Version-
   MediatekMt8183 Version-
   MediatekMt8362a Version-
   MediatekMt8365 Version-
   MediatekMt8385 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.029
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.