CVE-2022-20186

HIGH LAB

Android - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-20186. PoCs published by Bariskizilkaya, SmileTabLabo, flora6907.

AI-analyzed exploit summary: This is a functional exploit for CVE-2022-20186, targeting a memory corruption vulnerability in the Arm Mali GPU kernel driver. It achieves arbitrary kernel code execution to disable SELinux and escalate privileges to root on affected Android devices.

Description

In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-215001024
References: N/A

Exploits (3)

nomisec WORKING POC 3 stars
by Bariskizilkaya · poc
https://github.com/Bariskizilkaya/CVE-2022-20186_CTXZ

This is a functional exploit for CVE-2022-20186, targeting a memory corruption vulnerability in the Arm Mali GPU kernel driver. It achieves arbitrary kernel code execution to disable SELinux and escalate privileges to root on affected Android devices.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Arm Mali GPU Kernel Driver (Google Pixel 6, Android 12, patch levels Nov 2021 - Feb 2022)
No auth needed
Prerequisites: Physical or local access to a vulnerable Android device · Compiled binary deployed to the target device
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by SmileTabLabo · poc
https://github.com/SmileTabLabo/CVE-2022-20186

This is a functional exploit for CVE-2022-20186, targeting a memory corruption vulnerability in the Arm Mali GPU kernel driver. It achieves arbitrary kernel code execution, disables SELinux, and escalates privileges to root on affected Android devices.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Arm Mali GPU kernel driver (Google Pixel 6, firmware from November 2021 to February 2022)
No auth needed
Prerequisites: Physical or remote access to a vulnerable Android device (Google Pixel 6 with specific firmware versions) · Ability to compile and execute native binaries on the target device
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by flora6907 · poc
https://github.com/flora6907/CVE-2022-20186

This repository provides a functional proof-of-concept exploit for CVE-2022-20186, targeting a vulnerability in the Mali GPU driver. It includes detailed setup instructions, build scripts, and a PoC binary to demonstrate the exploit in a QEMU-based environment.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Mali GPU driver (Linux kernel module)
No auth needed
Prerequisites: QEMU · Linux kernel 5.10.30 · Mali GPU driver source code · Docker (optional for Mac users)
devstral-2 · analyzed May 19, 2026

Scores

CVSS v3 7.8
EPSS 0.0051
EPSS Percentile 39.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Lab Environment

Community Lab
docker pull cve-2022-20186-arm64:latest
docker pull cve-2022-20186-x86:latest

Details

CWE: CWE-20
Status: published
Products (1): google/android
Published Jun 15, 2022
Tracked Since Feb 18, 2026