Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-20147
CVE-2022-20147:
NixOS vulnerability analysis and mitigation
Overview
A vulnerability identified as CVE-2022-20147 was discovered in the nfadmchecksetconfig function of nfadmmain.cc in Android. The vulnerability affects multiple Android versions including Android 10, 11, 12, and 12L. This security issue was disclosed in the June 2022 Android Security Bulletin (Android Bulletin, CVE Details).
Technical details
The vulnerability stems from a missing bounds check in the nfadmchecksetconfig function within nfadmmain.cc, which could potentially lead to an out-of-bounds write condition. The issue was assigned Android ID A-221216105 and was included in the June 2022 security patch level (CVE Details).
Impact
The vulnerability could result in local privilege escalation on affected Android devices. No additional execution privileges are required for exploitation, making it a significant security concern (CVE Details).
Mitigation and workarounds
Google addressed this vulnerability in the Android Security Bulletin for June 2022. Users of affected Android versions (10, 11, 12, and 12L) should apply the security patch level dated 2022-06-01 or later to protect their devices (Android Bulletin).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management