CVE-2022-20610
Published: 16 December 2022
Summary
CVE-2022-20610 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Google Android. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 13.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2022-20610 is an out-of-bounds read (CWE-125) in cellular modem firmware resulting from a missing bounds check. It affects the Android kernel and is tracked under Android ID A-240462530. The flaw carries a CVSS 3.1 score of 8.8 and could permit remote code execution.
An attacker with the ability to perform LTE authentication can trigger the issue remotely without user interaction, achieving code execution that impacts confidentiality, integrity, and availability.
The December 2022 Android security bulletin for Pixel devices lists the issue among the resolved vulnerabilities and directs users to apply the corresponding firmware updates.
EPSS for the CVE rose from lower values to a peak of 0.0564 on 2025-12-11 before receding to the current 0.0272, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-25870
Vulnerability details
In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-240462530
References: N/A
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.