CVE-2022-20140

CRITICAL

Android -12, -12L - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-20140. PoCs published by RenukaSelvar.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-20140, targeting the Fluoride Bluetooth stack in AOSP. The code includes build scripts and source files for the SBC decoder, which is likely the vulnerable component.

Description

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988

Exploits (1)

nomisec WORKING POC

by RenukaSelvar · poc

https://github.com/RenukaSelvar/system_bt_aosp10_cve-2022-20140

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-20140, targeting the Fluoride Bluetooth stack in AOSP. The code includes build scripts and source files for the SBC decoder, which is likely the vulnerable component.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Fluoride Bluetooth stack in AOSP

No auth needed

Prerequisites: Access to the target device's Bluetooth stack · Ability to send malformed SBC data

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/2022-06-01

Scores

CVSS v3 9.8

EPSS 0.0852

EPSS Percentile 94.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (2)

google/android 12.0

google/android 12.1

Published Jun 15, 2022

Tracked Since Feb 18, 2026