CVE-2022-20141

Public on 2022-06-15
Modified on 2024-01-14
Description

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-112551163
References: Upstream kernel

Severity
Important
CVSS v3 Base Score
7.0

Affected Packages

| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 1 | kernel | 2021-09-30 19:25 | ALAS-2021-1539 |
| Amazon Linux 2 - Core | kernel | 2021-10-04 20:16 | ALAS2-2021-1712 |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-01-20 23:51 | ALAS2KERNEL-5.10-2022-006 |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2024-06-19 20:39 | ALAS2KERNEL-5.4-2024-073 |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD CVSSv2 | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| NVD CVSSv3 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |