Vulnerabilities > CVE-2022-20215 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
google
CWE-1021

Summary

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206

Vulnerable Configurations

Part Description Count
OS
Google
3