Login Sign Up

CVE-2022-20006

7.0 HIGH

📋 TL;DR

This vulnerability allows a local attacker to briefly view content under the lockscreen due to a race condition in Android's keyguard service. It affects Android devices running versions 10 through 12L when Guest user mode is enabled. No user interaction is required for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Android 10, 11, 12, 12L
Operating Systems: Android
Default Config Vulnerable: ✅ No
Notes: Requires Guest user mode to be enabled for full exploitation. Standard user devices without Guest mode have reduced impact.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation allowing unauthorized access to sensitive information displayed under the lockscreen, potentially exposing notifications, messages, or app content.

🟠

Likely Case

Brief visual exposure of lockscreen-protected content by a malicious local user or app, compromising privacy but not persistent access.

🟢

If Mitigated

Minimal impact if Guest user mode is disabled or device is fully patched.

🌐 Internet-Facing: LOW - This is a local attack requiring physical or local app access.
🏢 Internal Only: MEDIUM - Risk exists for shared devices or those with Guest mode enabled in enterprise environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and race condition timing. No authentication bypass but no user interaction needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin June 2022 patches

Vendor Advisory: https://source.android.com/security/bulletin/2022-06-01

Restart Required: Yes

Instructions:

1. Apply June 2022 Android security patch via Settings > System > System update. 2. For managed devices, push patch through MDM. 3. Verify patch level in Settings > About phone > Android version.

🔧 Temporary Workarounds

Disable Guest User Mode

android

Prevents privilege escalation aspect of vulnerability by removing Guest user functionality.

Settings > System > Multiple users > Guest > Remove guest

🧯 If You Can't Patch

  • Disable Guest user mode on all affected devices
  • Implement device usage policies restricting physical access to sensitive devices

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 10-12L and security patch level is before June 2022, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows June 2022 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual keyguard service crashes or race condition errors in system logs

Network Indicators:

  • None - local attack only

SIEM Query:

Device logs showing rapid keyguard state changes or Guest user activation anomalies

📊 Metadata

CVE ID: CVE-2022-20006
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-362
Published: May 10, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-20006, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)