VIR Vulnerability Intelligence Relay

CVE-2022-20572

medium
Published 2022-11-15 · Modified 2022-11-15
CVSS v3
VIR risk
5.5

Description

In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
suse slesaffected
debian debianbookwormfixed5.18.2-1
debian debianbullseyefixed5.10.120-1
debian debianforkyfixed5.18.2-1
debian debiansidfixed5.18.2-1
debian debiantrixiefixed5.18.2-1

References

💬 Discuss CVE-2022-20572 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.