Integer Overflow in construct_transaction of lwis_ioctl.c Allows for Local Privilege Escalation in Android Kernel

Integer Overflow in construct_transaction of lwis_ioctl.c Allows for Local Privilege Escalation in Android Kernel

CVE-2022-20367 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

In construct_transaction of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225877459References: N/A

Learn more about our Cis Benchmark Audit For Google Android.