CVE-2022-20452 - In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code executio

CVE-2022-20452

Summary

In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318

References

https://source.android.com/security/bulletin/2022-11-01

Vulnerable Configurations

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

09-11-2022 - 14:35

Published

08-11-2022 - 22:15

Last modified

09-11-2022 - 14:35