Cyber Resilience

CVE-2022-20229

Critical

Published: 13 July 2022

Published
13 July 2022
Modified
21 November 2024
KEV Added
Patch
01 July 2022
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1249 94.1th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-20229 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 5.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability is an out-of-bounds write in the function bta_hf_client_handle_cind_list_item within bta_hf_client_at.cc, caused by a missing bounds check. It affects the Bluetooth Hands-Free client component on Android versions 10, 11, 12, and 12L, and carries the identifier A-224536184. The issue is tracked under CWE-787 and received a CVSS 3.1 score of 9.8.

An unauthenticated remote attacker can trigger the flaw over the network without requiring user interaction or additional execution privileges, resulting in remote code execution on the affected device.

The referenced Android security bulletin dated 2022-07-01 addresses the issue and supplies the corresponding patches for the impacted Android releases.

EPSS for the CVE reached a peak of 0.1249 and remains at that level with no material increase after disclosure.

EU & UK References

Vulnerability details

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

more

Android-11 Android-12 Android-12LAndroid ID: A-224536184

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google
android
10.0, 11.0, 12.0, 12.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References