Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-20009. PoCs published by szymonh.
AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-20009, targeting multiple Android USB gadget drivers. The exploit demonstrates buffer overflow vulnerabilities in EP0 control transfer handlers, allowing attackers to overflow a 4096-byte buffer by manipulating the wLength field in USB control requests.
Description
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel
Exploits (1)
This repository contains a proof-of-concept exploit for CVE-2022-20009, targeting multiple Android USB gadget drivers. The exploit demonstrates buffer overflow vulnerabilities in EP0 control transfer handlers, allowing attackers to overflow a 4096-byte buffer by manipulating the wLength field in USB control requests.
References (1)
Scores
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H