{"vulnerability": "CVE-2022-2057", "sightings": [{"uuid": "4152094a-93bc-4ae8-bced-20427bbaa195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20577", "type": "seen", "source": "https://t.me/cibsecurity/54700", "content": "\u203c CVE-2022-20577 \u203c\n\nIn OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:30:44.000000Z"}, {"uuid": "9d7708a2-1420-4bf2-a717-529454fc8358", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20572", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12448", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-20572\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T14:55:15.950Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2022-12-01", "creation_timestamp": "2025-04-18T14:58:51.000000Z"}, {"uuid": "6e0df181-745b-4988-8631-6a4fef9bee7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20571", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12455", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-20571\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-18T14:52:11.967Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2022-12-01", "creation_timestamp": "2025-04-18T14:59:03.000000Z"}, {"uuid": "bed647e5-b20c-4d14-b6fb-647640857acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20572", "type": "seen", "source": "https://t.me/cibsecurity/54712", "content": "\u203c CVE-2022-20572 \u203c\n\nIn verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:34:27.000000Z"}, {"uuid": "13621623-b85c-409b-a391-50f723d787f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20571", "type": "seen", "source": "https://t.me/cibsecurity/54694", "content": "\u203c CVE-2022-20571 \u203c\n\nIn extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:30:38.000000Z"}, {"uuid": "eda7234a-228b-4129-befe-8ea4c16bafd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20578", "type": "seen", "source": "https://t.me/cibsecurity/54693", "content": "\u203c CVE-2022-20578 \u203c\n\nIn RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-18T09:23:48.000000Z"}, {"uuid": "25c7a799-e2f8-4e2f-959f-20ab974c1603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20579", "type": "seen", "source": "https://t.me/cibsecurity/54752", "content": "\u203c CVE-2022-20579 \u203c\n\nIn RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:40:43.000000Z"}, {"uuid": "2a3f6019-a635-4be8-81d7-20d2b57fb2e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2057", "type": "seen", "source": "https://t.me/cibsecurity/45420", "content": "\u203c CVE-2022-2057 \u203c\n\nDivide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T20:38:47.000000Z"}]}