{"vulnerability": "CVE-2022-20186", "sightings": [{"uuid": "1e7eb94b-c9bc-4dbb-8407-09cce2c66b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2467", "content": "#Android #CVE\n\nCorrupting memory without memory corruption\nCVE-2022-20186\n\n\u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e CVE-2022-20186, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u044f\u0434\u0440\u0430 GPU Arm Mali, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430 \u043e\u0442 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043d\u0430 Pixel 6. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u043c\u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root \u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c SELinux. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0438\u043c\u0438\u0442\u0438\u0432\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u043a\u043e\u0434\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 GPU.", "creation_timestamp": "2022-09-07T13:00:04.000000Z"}, {"uuid": "9e80c7bf-8d30-4ef7-bedc-3adb997864b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "seen", "source": "https://t.me/cibsecurity/44526", "content": "\u203c CVE-2022-20186 \u203c\n\nIn kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:31.000000Z"}, {"uuid": "135d885b-1496-4ab7-b1c4-c69ba158a72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/178", "content": "Corrupting memory without memory corruption\n\nAn article by Man Yue Mo about exploiting CVE-2022-20186, an integer overflow in the Arm Mali GPU driver.\n\nThe bug allows mapping arbitrary physical pages to the GPU memory with both read and write access. The exploit gets arbitrary kernel code execution on Pixel 6, disables SELinux, and gains root.", "creation_timestamp": "2022-08-02T23:52:26.000000Z"}, {"uuid": "fa43101a-f816-4f57-b059-705920e74b8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6487", "content": "#exploit\n1. CVE-2022-20186:\nVulnerability in the Arm Mali GPU kernel driver\nhttps://github.blog/2022-07-27-corrupting-memory-without-memory-corruption\n\n2. Overkill - QNAP QTS Exploit\nhttps://github.com/jbaines-r7/overkill", "creation_timestamp": "2022-07-29T12:00:21.000000Z"}]}