CVE-2022-20413

MEDIUM

Android - Local Information Disclosure via Audio Recording Logic Error

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-20413. PoCs published by pazhanivel07.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-20413, targeting a vulnerability in the Android camera framework. The exploit demonstrates how an attacker could potentially exploit the vulnerability to gain unauthorized access or execute arbitrary code.

Description

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235850634

Exploits (1)

nomisec WORKING POC
by pazhanivel07 · poc
https://github.com/pazhanivel07/frameworks_av-r33_CVE-2022-20413

This repository contains a proof-of-concept exploit for CVE-2022-20413, targeting a vulnerability in the Android camera framework. The exploit demonstrates how an attacker could potentially exploit the vulnerability to gain unauthorized access or execute arbitrary code.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android camera framework
No auth needed
Prerequisites: Access to the target device · Vulnerable version of the Android camera framework
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 5.5
EPSS 0.0025
EPSS Percentile 16.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (5)
google/android 10.0
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
Published Oct 11, 2022
Tracked Since Feb 18, 2026