CVE-2022-20607

HIGH

Android Pixel Cellular Firmware - Out-of-bounds Write

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-20607. PoCs published by sumeetIT.

AI-analyzed exploit summary This repository contains a writeup for CVE-2022-20607, an out-of-bounds write vulnerability in Pixel cellular firmware that could lead to remote code execution with LTE authentication. No exploit code is provided, only metadata and references.

Description

In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A

Exploits (1)

nomisec WRITEUP

by sumeetIT · poc

https://github.com/sumeetIT/CVE-2022-20607

View Code ZIP pw:eip

This repository contains a writeup for CVE-2022-20607, an out-of-bounds write vulnerability in Pixel cellular firmware that could lead to remote code execution with LTE authentication. No exploit code is provided, only metadata and references.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Pixel cellular firmware (Android kernel)

Auth required

Prerequisites: LTE authentication · Pixel device with vulnerable firmware

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://source.android.com/security/bulletin/pixel/2022-12-01

Scores

CVSS v3 8.8

EPSS 0.0095

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

google/android

Published Dec 16, 2022

Tracked Since Feb 18, 2026