What is CVE-2022-2390?

CVE-2022-2390 is a medium-severity vulnerability in Google Llc Play Services Sdk, classified under Modification of Assumed-Immutable Data (MAID). CVSS score: 6.1/10. Published 2022-08-12.

How severe is CVE-2022-2390?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Vulnerability in Google Llc Play Services Sdk

CVE-2022-2390

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an…

EPSS: 0.000 (5.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N.

Affected products

Google Llc Play Services Sdk — versions unspecified

Weakness classification (CWE)

CWE-471 — Modification of Assumed-Immutable Data (MAID)

References

developers.google.com/android/guides/releases (x_refsource_MISC)
mvnrepository.com/artifact/com.google.android.gms/play-services-basement/18.0.2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-2390?: CVE-2022-2390 is a medium-severity vulnerability in Google Llc Play Services Sdk, classified under Modification of Assumed-Immutable Data (MAID). CVSS score: 6.1/10. Published 2022-08-12.
How severe is CVE-2022-2390?: Medium severity. CVSS v3 base score is 6.1 out of 10.