Cyber Resilience

CVE-2022-20127

Critical

Published: 15 June 2022

Modified: 21 November 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0548 (90.4th percentile)
Risk Priority: 23 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-20127 is a critical-severity Double Free (CWE-415) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 9.6% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability is a double free in the ce_t4t_data_cback function of ce_t4t.cc that produces an out-of-bounds write. It affects Android 10, 11, 12, and 12L and is tracked as Android ID A-221862119. The flaw carries a CVSS 3.1 base score of 9.8 and is associated with CWE-415 and CWE-787.

An unauthenticated network attacker can trigger the condition remotely without user interaction or additional privileges, resulting in arbitrary code execution on the device.

The June 2022 Android security bulletin lists the issue and supplies the corresponding patches for the affected versions. The associated EPSS score has remained low, moving only from 0.0548 to a peak of 0.0683.

Vulnerability details

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-10 Android-11 Android-12 Android-12L
Android ID: A-221862119

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google
android
10.0, 11.0, 12.0, 12.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
