ASB-A-238177877
- Source
- https://storage.googleapis.com/android-osv/ASB-A-238177877.json
- Aliases
-
- CVE-2022-20471
- Published
- 2023-04-01T00:00:00Z
- Modified
- 2023-09-22T14:42:10Z
- Details
-
In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2023-04-01
- https://android.googlesource.com/platform/hardware/nxp/nfc/+/1164ee536ecf6504e73dcaac0ccb1ee887f3a19c
- https://android.googlesource.com/platform/hardware/nxp/nfc/+/50779bfee26842816f0c241f5dc5a8b8b5f12f37
- https://android.googlesource.com/platform/hardware/nxp/nfc/+/334645060efe1ef0889385512f74513ea1bb29a2
Affected packages
Android / platform/hardware/nxp/nfc
Source Details
- Package Name
- platform/hardware/nxp/nfc
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced11:0Fixed11:2023-04-01Introduced12:0Fixed12:2023-04-01Introduced12L:0Fixed12L:2023-04-01Introduced13:0Fixed13:2023-04-01
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/hardware/nxp/nfc/+/d149359fadcf341fc3003d93b35122dbfa14ff65",
"https://android.googlesource.com/platform/hardware/nxp/nfc/+/253cda9827d63aab0c537f6cc095f507e646116a"
],
"spl": "2023-04-01",
"types": [
"ID"
],
"severity": "High"
}