Cyber Resilience

CVE-2022-20610

High

Published: 16 December 2022

Modified: 18 April 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0272 (86.3rd percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-20610 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 13.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2022-20610 is an out-of-bounds read (CWE-125) in cellular modem firmware resulting from a missing bounds check. It affects the Android kernel and is tracked under Android ID A-240462530. The flaw carries a CVSS 3.1 score of 8.8 and could permit remote code execution.

An attacker with the ability to perform LTE authentication can trigger the issue remotely without user interaction, achieving code execution that impacts confidentiality, integrity, and availability.

The December 2022 Android security bulletin for Pixel devices lists the issue among the resolved vulnerabilities and directs users to apply the corresponding firmware updates.

EPSS for the CVE rose from lower values to a peak of 0.0564 on 2025-12-11 before receding to the current 0.0272, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-240462530
References: N/A

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google · android · all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References