CVE-2022-20369

Public on 2022-08-11
Modified on 2023-01-18
Description
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel
Severity
Medium severity
Medium
CVSS v3 Base Score
6.7
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel 2022-12-01 ALAS-2022-1645 Fixed
Amazon Linux 2 - Core kernel 2022-12-01 ALAS2-2022-1888 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2022-09-30 ALAS2KERNEL-5.4-2022-036 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H