ID

VAR-202212-0688


CVE

CVE-2022-20608


TITLE

Out-of-bounds read vulnerability in Google Android

Trust: 0.8

sources: JVNDB: JVNDB-2022-023947

DESCRIPTION

In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239239246. References: N/A. Google Android contains an out-of-bounds read vulnerability. Information may be obtained. Google Pixel is a smartphone made by Google. Google Pixel has a buffer error vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information.

Trust: 2.25

sources: NVD: CVE-2022-20608 // JVNDB: JVNDB-2022-023947 // CNVD: CNVD-2023-01491 // VULMON: CVE-2022-20608

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-01491

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: -

Trust: 1.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-01491 // JVNDB: JVNDB-2022-023947 // NVD: CVE-2022-20608

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20608
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20608
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-01491
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202212-2278
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-01491
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-20608
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-20608
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-01491 // JVNDB: JVNDB-2022-023947 // CNNVD: CNNVD-202212-2278 // NVD: CVE-2022-20608

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.0

problemtype: Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023947 // NVD: CVE-2022-20608

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2278

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-2278

PATCH

title: Patch for Google Pixel Buffer Overflow Vulnerability (CNVD-2023-01491), url: https://www.cnvd.org.cn/patchInfo/show/386436

Trust: 0.6

title: Google Pixel Buffer error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=218724

Trust: 0.6

sources: CNVD: CNVD-2023-01491 // CNNVD: CNNVD-202212-2278

EXTERNAL IDS

db: NVD, id: CVE-2022-20608

Trust: 3.9

db: JVNDB, id: JVNDB-2022-023947

Trust: 0.8

db: CNVD, id: CNVD-2023-01491

Trust: 0.6

db: CNNVD, id: CNNVD-202212-2278

Trust: 0.6

db: VULMON, id: CVE-2022-20608

Trust: 0.1

sources: CNVD: CNVD-2023-01491 // VULMON: CVE-2022-20608 // JVNDB: JVNDB-2022-023947 // CNNVD: CNNVD-202212-2278 // NVD: CVE-2022-20608

REFERENCES

url: https://source.android.com/security/bulletin/pixel/2022-12-01

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2022-20608

Trust: 2.0

url: https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-20608/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-01491 // VULMON: CVE-2022-20608 // JVNDB: JVNDB-2022-023947 // CNNVD: CNNVD-202212-2278 // NVD: CVE-2022-20608

SOURCES

db: CNVD, id: CNVD-2023-01491
db: VULMON, id: CVE-2022-20608
db: JVNDB, id: JVNDB-2022-023947
db: CNNVD, id: CNNVD-202212-2278
db: NVD, id: CVE-2022-20608

LAST UPDATE DATE

2024-08-14T14:55:07.421000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-01491, date: 2023-01-08T00:00:00
db: VULMON, id: CVE-2022-20608, date: 2022-12-16T00:00:00
db: JVNDB, id: JVNDB-2022-023947, date: 2023-11-30T04:35:00
db: CNNVD, id: CNNVD-202212-2278, date: 2022-12-22T00:00:00
db: NVD, id: CVE-2022-20608, date: 2022-12-21T16:26:11.597

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-01491, date: 2023-01-04T00:00:00
db: VULMON, id: CVE-2022-20608, date: 2022-12-16T00:00:00
db: JVNDB, id: JVNDB-2022-023947, date: 2023-11-30T00:00:00
db: CNNVD, id: CNNVD-202212-2278, date: 2022-12-05T00:00:00
db: NVD, id: CVE-2022-20608, date: 2022-12-16T16:15:21.410