{"id":"ASB-A-221856662","details":"In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-221856662","CVE-2022-20131"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198"}],"affected":[{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L-next:0"},{"fixed":"12L-next:2022-06-01"}]}],"versions":["12L-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198"],"vanir_signatures":[{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["34975717492042135901446728523998989999","90413502481760613099594574736873831887","320523821704544772715334960455628891026"]},"source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","id":"ASB-A-221856662-6d23832a","target":{"file":"src/nfc/nfc/nfc_ncif.cc"}},{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"42002811067232942361744446294019484761","length":1027},"id":"ASB-A-221856662-98a39881","source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","target":{"file":"src/nfc/nfc/nfc_ncif.cc","function":"nfc_ncif_proc_ee_discover_req"}}],"spl":"2022-06-01","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221856662.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-06-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"42002811067232942361744446294019484761","length":1027},"source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","id":"ASB-A-221856662-028b263c","target":{"file":"src/nfc/nfc/nfc_ncif.cc","function":"nfc_ncif_proc_ee_discover_req"}},{"deprecated":false,"signature_type":"Line","target":{"file":"src/nfc/nfc/nfc_ncif.cc"},"digest":{"threshold":0.9,"line_hashes":["34975717492042135901446728523998989999","90413502481760613099594574736873831887","320523821704544772715334960455628891026"]},"id":"ASB-A-221856662-ac37e2ef","source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","signature_version":"v1"}],"spl":"2022-06-01","severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221856662.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-06-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"42002811067232942361744446294019484761","length":1027},"source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","id":"ASB-A-221856662-30dbb4ef","target":{"file":"src/nfc/nfc/nfc_ncif.cc","function":"nfc_ncif_proc_ee_discover_req"}},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["34975717492042135901446728523998989999","90413502481760613099594574736873831887","320523821704544772715334960455628891026"]},"source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","id":"ASB-A-221856662-b6f4718d","target":{"file":"src/nfc/nfc/nfc_ncif.cc"}}],"types":["ID"],"spl":"2022-06-01","fixes":["https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221856662.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-06-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","target":{"file":"src/nfc/nfc/nfc_ncif.cc","function":"nfc_ncif_proc_ee_discover_req"},"digest":{"function_hash":"42002811067232942361744446294019484761","length":1027},"id":"ASB-A-221856662-6064fd98","source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","signature_version":"v1"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["34975717492042135901446728523998989999","90413502481760613099594574736873831887","320523821704544772715334960455628891026"]},"source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","id":"ASB-A-221856662-795c2ca3","target":{"file":"src/nfc/nfc/nfc_ncif.cc"}}],"types":["ID"],"spl":"2022-06-01","severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221856662.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198"],"vanir_signatures":[{"deprecated":false,"signature_type":"Line","target":{"file":"src/nfc/nfc/nfc_ncif.cc"},"digest":{"threshold":0.9,"line_hashes":["34975717492042135901446728523998989999","90413502481760613099594574736873831887","320523821704544772715334960455628891026"]},"id":"ASB-A-221856662-3b25cf81","source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","signature_version":"v1"},{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"42002811067232942361744446294019484761","length":1027},"id":"ASB-A-221856662-70d24653","source":"https://android.googlesource.com/platform/system/nfc/+/1c6ab25b3d76c2ced764dc649bec6cf05aecd198","target":{"file":"src/nfc/nfc/nfc_ncif.cc","function":"nfc_ncif_proc_ee_discover_req"}}],"spl":"2022-06-01","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221856662.json"}}],"schema_version":"1.7.5"}