Details of VAR-202212-0688

ID

VAR-202212-0688

CVE

CVE-2022-20608

TITLE

Google of Android Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023947

DESCRIPTION

In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smart phone of Google (Google). Google Pixel has a buffer error vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2022-20608 // JVNDB: JVNDB-2022-023947 // CNVD: CNVD-2023-01491 // VULMON: CVE-2022-20608

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-01491

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	-	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-01491 // JVNDB: JVNDB-2022-023947 // NVD: CVE-2022-20608

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20608
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20608
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-01491
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202212-2278
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2023-01491
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-20608
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20608
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-01491 // JVNDB: JVNDB-2022-023947 // CNNVD: CNNVD-202212-2278 // NVD: CVE-2022-20608

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023947 // NVD: CVE-2022-20608

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2278

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-2278

PATCH

title:	Patch for Google Pixel Buffer Overflow Vulnerability (CNVD-2023-01491)	url:	https://www.cnvd.org.cn/patchInfo/show/386436	Trust: 0.6
title:	Google Pixel Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218724	Trust: 0.6

sources: CNVD: CNVD-2023-01491 // CNNVD: CNNVD-202212-2278

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20608	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-023947	Trust: 0.8
db:	CNVD	id:	CNVD-2023-01491	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-2278	Trust: 0.6
db:	VULMON	id:	CVE-2022-20608	Trust: 0.1

sources: CNVD: CNVD-2023-01491 // VULMON: CVE-2022-20608 // JVNDB: JVNDB-2022-023947 // CNNVD: CNNVD-202212-2278 // NVD: CVE-2022-20608

REFERENCES

url:	https://source.android.com/security/bulletin/pixel/2022-12-01	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20608	Trust: 2.0
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20608/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-01491 // VULMON: CVE-2022-20608 // JVNDB: JVNDB-2022-023947 // CNNVD: CNNVD-202212-2278 // NVD: CVE-2022-20608

SOURCES

db:	CNVD	id:	CNVD-2023-01491
db:	VULMON	id:	CVE-2022-20608
db:	JVNDB	id:	JVNDB-2022-023947
db:	CNNVD	id:	CNNVD-202212-2278
db:	NVD	id:	CVE-2022-20608

LAST UPDATE DATE

2024-08-14T14:55:07.421000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-01491	date:	2023-01-08T00:00:00
db:	VULMON	id:	CVE-2022-20608	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023947	date:	2023-11-30T04:35:00
db:	CNNVD	id:	CNNVD-202212-2278	date:	2022-12-22T00:00:00
db:	NVD	id:	CVE-2022-20608	date:	2022-12-21T16:26:11.597

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-01491	date:	2023-01-04T00:00:00
db:	VULMON	id:	CVE-2022-20608	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023947	date:	2023-11-30T00:00:00
db:	CNNVD	id:	CNNVD-202212-2278	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2022-20608	date:	2022-12-16T16:15:21.410