Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-20421

Published: 11/10/2022 Updated: 03/12/2022
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Android

Vulnerability Summary

It exists that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google android -

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Security Advisories: DSA-5257-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2021-4037 Christian Brauner reported that the inode_init_owner function for the XFS filesystem in the Linux kernel allows local users to create files with an unintended group ownership al ...
Ubuntu Security Notice: USN-5793-3: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5791-2: Linux kernel (Azure) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5792-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5791-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-2: Linux kernel (Azure) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5792-2: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5790-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5793-4: Linux kernel (IBM) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5791-3: Linux kernel (Azure) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5815-1: Linux kernel (BlueField) vulnerabilities
Several security issues were fixed in the Linux kernel ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/1c5953bf7b4cffc98481adf559672c1a
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/0xkol/badspin

Bad Spin: Android Binder Privilege Escalation Exploit (CVE-2022-20421)

Bad Spin: Android Binder LPE Author: Moshe Kol Privilege escalation exploit from unstrusted_app for Android Binder vulnerability (CVE-2022-20421) The vulnerability is patched on Android's Security Bulletin of October 2022 The exploit works on devices running kernel versions 54x and 510x, and it achieves full kernel R/W primitives For the Google Pixel 6, it also obta

References

CWE-416https://source.android.com/security/bulletin/2022-10-01https://www.debian.org/security/2022/dsa-5257https://lists.debian.org/debian-lts-announce/2022/11/msg00001.htmlhttps://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5257https://github.com/0xkol/badspinhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07https://ubuntu.com/security/notices/USN-5793-3https://ubuntu.com/security/notices/USN-5791-2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook