CVE-2022-20140

CRITICAL

Android -12, -12L - Privilege Escalation

Title source: llm

Description

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-12 Android-12L
Android ID: A-227618988

Exploits (1)

nomisec WORKING POC
by RenukaSelvar · poc
https://github.com/RenukaSelvar/system_bt_aosp10_cve-2022-20140

Scores

CVSS v3 9.8
EPSS 0.0417
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
google/android 12.0
google/android 12.1
Published Jun 15, 2022
Tracked Since Feb 18, 2026