CVE-2022-20235

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://source.android.com/security/bulletin/2023-01-01	Vendor Advisory
https://source.android.com/security/bulletin/2023-01-01	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:42

Type	Values Removed	Values Added
References	~~() https://source.android.com/security/bulletin/2023-01-01 - Vendor Advisory~~	() https://source.android.com/security/bulletin/2023-01-01 - Vendor Advisory
Summary		(es) El controlador del núcleo de la GPU PowerVR mantiene una "página de información" utilizada por su subsistema de caché. Esta página solo puede ser escrita por el propio controlador de GPU, pero antes de DDK 1.18, sin embargo, un programa de espacio de usuario podía escribir datos arbitrarios en la página, lo que provocaba problemas de corrupción de memoria. Producto: Android, Versiones: Android SoC, ID de Android: A-259967780

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-119~~	CWE-787

Information

Published : 2023-01-26 21:15

Updated : 2025-04-02 15:15

NVD link : CVE-2022-20235

Mitre link : CVE-2022-20235

CVE.ORG link : CVE-2022-20235

JSON object : View

Products Affected

google

android

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-20235", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-01-26T21:15:26.480", "references": [{"url": "https://source.android.com/security/bulletin/2023-01-01", "tags": ["Vendor Advisory"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2023-01-01", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The PowerVR GPU kernel driver maintains an \"Information Page\" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780"}, {"lang": "es", "value": "El controlador del n\u00facleo de la GPU PowerVR mantiene una \"p\u00e1gina de informaci\u00f3n\" utilizada por su subsistema de cach\u00e9. Esta p\u00e1gina solo puede ser escrita por el propio controlador de GPU, pero antes de DDK 1.18, sin embargo, un programa de espacio de usuario pod\u00eda escribir datos arbitrarios en la p\u00e1gina, lo que provocaba problemas de corrupci\u00f3n de memoria. Producto: Android, Versiones: Android SoC, ID de Android: A-259967780"}], "lastModified": "2025-04-02T15:15:43.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}