CVE-2022-20499
Publication date 24 March 2023
Last updated 5 December 2024
Ubuntu priority
Cvss 3 Severity Score
In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246539931
Status
Package | Ubuntu Release | Status |
---|---|---|
android-platform-frameworks-base | 24.10 oracular | Ignored |
24.04 LTS noble | Ignored | |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Ignored | |
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Ignored end of standard support |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |