Improper Locking
CVE-2022-20376
Summary
In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216130110References: N/A
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- HIGH
- HIGH
- HIGH
CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
References
Advisory Timeline
- Published