Wiz
Vulnerability DatabaseCVE-2022-20116

CVE-2022-20116
NixOS vulnerability analysis and mitigation

Overview

A vulnerability was identified in Android's OngoingCallController.kt component, specifically in the onEntryUpdated function. This security flaw, tracked as CVE-2022-20116, affects Android versions 12 and 12L. The vulnerability was discovered and reported to Google, with the official disclosure occurring in the May 2022 Android Security Bulletin (Android Bulletin).

Technical details

The vulnerability exists in the onEntryUpdated function of OngoingCallController.kt, where it becomes possible to launch non-exported activities due to intent redirection. This implementation flaw could be exploited with user execution privileges, though notably, no user interaction is required for successful exploitation (CVE Details).

Impact

The vulnerability allows for local escalation of privilege on affected Android devices. The impact is particularly concerning as it requires minimal user interaction for exploitation, potentially allowing malicious applications to gain elevated privileges on the system (Android Bulletin).

Mitigation and workarounds

Google addressed this vulnerability in the May 2022 Android Security Bulletin. Users of affected Android versions (12 and 12L) should apply the security patch level dated 2022-05-01 or later to protect their devices (Android Bulletin).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-48606HIGH7.8
  • NixOSNixOS
  • android
NoNoDec 08, 2025
CVE-2025-48625HIGH7
  • NixOSNixOS
  • android
NoNoDec 08, 2025
CVE-2025-48608MEDIUM5.5
  • NixOSNixOS
  • android
NoNoDec 08, 2025
CVE-2025-48569MEDIUM5.5
  • NixOSNixOS
  • android
NoNoDec 08, 2025
CVE-2025-65799MEDIUM4.3
  • NixOSNixOS
  • memos
NoYesDec 08, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo