How severe is CVE-2022-20491?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-20491?

This is classified as CWE-1284, which is a common weakness in software security.

CVE-2022-20491 - HIGH Severity | CVSS 7.8

Vulnerability Description

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556

Related Vulnerabilities

CVE-2010-3904

HIGH

CVSS:7.8(High)

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from us...

CWE-12842010

CVE-2021-1081

HIGH

CVSS:7.8(High)

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure...

CWE-12842021

CVE-2021-1082

HIGH

CVSS:7.8(High)

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denia...

CWE-12842021

CVE-2021-1083

HIGH

CVSS:7.8(High)

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure...

CWE-12842021

CVE-2021-30350

HIGH

CVSS:7.8(High)

Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...

CWE-12842021

CVE-2021-35132

HIGH

CVSS:7.8(High)

Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial I...

CWE-12842021