CVE-2022-20109

EUVD-2022-25369
In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
googleandroid
9.0
googleandroid
10.0
googleandroid
11.0
googleandroid
12.0
𝑥
= Vulnerable software versions
References
https://corp.mediatek.com/product-security-bulletin/May-2022
https://corp.mediatek.com/product-security-bulletin/May-2022