CVE-2022-20484

HIGH Year: 2022
CVSS v3 Score
7.8
High
Weakness Type
CWE-770
View all →

Vulnerability Description

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851

Related Vulnerabilities

CVE-2017-8253

HIGH
CVSS:7.8(High)

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.

CWE-7702017

CVE-2019-10094

HIGH
CVSS:7.8(High)

A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. A...

CWE-7702019

CVE-2020-24658

HIGH
CVSS:7.8(High)

Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a...

CWE-7702020

CVE-2021-1057

HIGH
CVSS:7.8(High)

NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to...

CWE-7702021

CVE-2021-25173

HIGH
CVSS:7.8(High)

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to ca...

CWE-7702021

CVE-2021-29324

HIGH
CVSS:7.8(High)

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.

CWE-7702021