Security Advisory

CVE-2022-20385

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-13 19:14:22

Last updated 2024-08-03 02:10:44

Assigner google_android

State PUBLISHED

Description

a function called nla_parse, do not check the len of para, it will check nla_type (which can be controlled by userspace) with maxtype (in this case, it is GSCAN_MAX), then it access polciy array policy[type], which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819

← Browse all CVEs View on cve.org ↗