Wiz
Vulnerability DatabaseCVE-2022-20009

CVE-2022-20009
Linux Ubuntu vulnerability analysis and mitigation

Overview

A vulnerability in the USB gadget subsystem of the Android kernel was identified and tracked as CVE-2022-20009. The issue was discovered and reported through Android's security program, with the vulnerability being publicly disclosed in the May 2022 Android Security Bulletin. This vulnerability affects various versions of the Android kernel (Android Bulletin).

Technical details

The vulnerability stems from a missing bounds check in various functions of the USB gadget subsystem, which could potentially lead to an out-of-bounds write condition. The issue was assigned Android ID A-213172319 and was deemed significant enough to warrant inclusion in the Android security updates (CVE Mitre).

Impact

The vulnerability could potentially enable local escalation of privilege on affected Android devices. Notably, the exploitation does not require additional execution privileges or user interaction to be successful (CVE Mitre).

Mitigation and workarounds

The vulnerability was addressed in the May 2022 Android Security Bulletin. Users are advised to update their Android devices to the latest available security patch level to protect against this vulnerability (Android Bulletin).

Additional resources

SourceThis report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-62408MEDIUM5.9
  • Linux DebianLinux Debian
  • c-ares
NoNoDec 08, 2025
CVE-2023-53769N/AN/A
  • Linux KernelLinux Kernel
  • kernel-rt-64k-debug
NoYesDec 08, 2025
CVE-2023-53768N/AN/A
  • Linux DebianLinux Debian
  • linux-aws-fips
NoYesDec 08, 2025
CVE-2023-53767N/AN/A
  • Linux KernelLinux Kernel
  • kernel-abi-stablelists
NoYesDec 08, 2025
CVE-2023-53766N/AN/A
  • Linux DebianLinux Debian
  • linux-aws-hwe
NoYesDec 08, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo