Google Software and search

In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files

CVE-2022-20203 7.8 - High - June 15, 2022

In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A

CVE-2022-20170 9.8 - Critical - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A

In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free

CVE-2021-39806 7.8 - High - June 15, 2022

In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420

Double-free

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java

CVE-2022-20138 7.8 - High - June 15, 2022

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check

CVE-2022-20140 9.8 - Critical - June 15, 2022

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988

Memory Corruption

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch

CVE-2022-20142 7.8 - High - June 15, 2022

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion

CVE-2022-20143 5.5 - Medium - June 15, 2022

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360

Resource Exhaustion

In multiple functions of AvatarPhotoController.java

CVE-2022-20144 7.8 - High - June 15, 2022

In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-187702830

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack

CVE-2022-20145 9.8 - Critical - June 15, 2022

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking

CVE-2022-20153 6.7 - Medium - June 15, 2022

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel

Dangling pointer

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition

CVE-2022-20154 6.4 - Medium - June 15, 2022

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel

Race Condition

In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition

CVE-2022-20155 7 - High - June 15, 2022

In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176754369References: N/A

Race Condition

In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation

CVE-2022-20156 7.8 - High - June 15, 2022

In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A

Improper Input Validation

In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20162 4.4 - Medium - June 15, 2022

In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A

Out-of-bounds Read

In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20165 4.4 - Medium - June 15, 2022

In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220868345References: N/A

Out-of-bounds Read

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow

CVE-2022-20166 6.7 - Medium - June 15, 2022

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel

Memory Corruption

Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A

CVE-2022-20171 9.8 - Critical - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check

CVE-2022-20172 5.5 - Medium - June 15, 2022

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206987222References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A

CVE-2022-20173 9.8 - Critical - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20174 4.4 - Medium - June 15, 2022

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210847407References: N/A

Out-of-bounds Read

Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A

CVE-2022-20175 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A

In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check

CVE-2022-20176 4.4 - Medium - June 15, 2022

In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197787879References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A

CVE-2022-20177 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A

In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow

CVE-2022-20178 6.7 - Medium - June 15, 2022

In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224932775References: N/A

Memory Corruption

Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A

CVE-2022-20179 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A

CVE-2022-20181 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A

In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check

CVE-2022-20182 4.4 - Medium - June 15, 2022

In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222348453References: N/A

In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20183 6.7 - Medium - June 15, 2022

In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188911154References: N/A

Memory Corruption

Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A

CVE-2022-20184 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A

In TBD of TBD, there is a possible use after free bug

CVE-2022-20185 6.7 - Medium - June 15, 2022

In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A

Dangling pointer

In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation

CVE-2022-20186 7.8 - High - June 15, 2022

In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A

Improper Input Validation

Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A

CVE-2022-20188 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A

CVE-2022-20190 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A

CVE-2022-20191 9.8 - Critical - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A

In grantEmbeddedWindowFocus of WindowManagerService.java

CVE-2022-20192 7.8 - High - June 15, 2022

In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215912712

In getUniqueUsagesWithLabels of PermissionUsageHelper.java

CVE-2022-20193 7.3 - High - June 15, 2022

In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116

In onCreate of ChooseLockGeneric.java, there is a possible permission bypass

CVE-2022-20194 7.8 - High - June 15, 2022

In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization

CVE-2022-20195 5 - Medium - June 15, 2022

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-213172664

Marshaling, Unmarshaling

In gallery3d and photos, there is a possible permission bypass due to a confused deputy

CVE-2022-20196 5 - Medium - June 15, 2022

In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535148

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass

CVE-2022-20197 7.8 - High - June 15, 2022

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300

In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20198 4.4 - Medium - June 15, 2022

In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-221851879

Out-of-bounds Read

In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check

CVE-2022-20200 5.5 - Medium - June 15, 2022

In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212695058

In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20201 6.7 - Medium - June 15, 2022

In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220733817

Memory Corruption

In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow

CVE-2022-20202 6.5 - Medium - June 15, 2022

In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204704614

Memory Corruption

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java

CVE-2022-20204 7.8 - High - June 15, 2022

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation

CVE-2022-20205 5.5 - Medium - June 15, 2022

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215212561

Improper Input Validation

In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check

CVE-2022-20206 5.5 - Medium - June 15, 2022

In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220737634

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value

CVE-2022-20207 7.8 - High - June 15, 2022

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714

In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20208 4.4 - Medium - June 15, 2022

In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192743373

Out-of-bounds Read

In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow

CVE-2022-20209 7.5 - High - June 15, 2022

In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397

Memory Corruption

The UE and the EMM communicate with each other using NAS messages

CVE-2022-20210 9.8 - Critical - June 15, 2022

The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888

In param_find_digests_internal and related functions of the Titan-M source

CVE-2022-20233 6.7 - Medium - June 15, 2022

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A

Memory Corruption

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking

CVE-2022-20141 7.8 - High - June 15, 2022

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel

Improper Locking

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy

CVE-2022-20146 5.5 - Medium - June 15, 2022

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211757677References: N/A

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20147 7.8 - High - June 15, 2022

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105

Memory Corruption

In TBD of TBD, there is a possible use-after-free due to a race condition

CVE-2022-20148 6.4 - Medium - June 15, 2022

In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219513976References: Upstream kernel

Race Condition

Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A

CVE-2022-20149 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A

CVE-2022-20151 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20152 6.7 - Medium - June 15, 2022

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006198References: N/A

Memory Corruption

In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20159 4.4 - Medium - June 15, 2022

In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210971465References: N/A

Out-of-bounds Read

Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A

CVE-2022-20160 9.8 - Critical - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A

CVE-2022-20164 9.8 - Critical - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A

CVE-2022-20169 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A

CVE-2022-20168 7.5 - High - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A

CVE-2022-20167 9.8 - Critical - June 15, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input

CVE-2021-39691 7.3 - High - June 15, 2022

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241

Clickjacking

In setScanMode of AdapterService.java

CVE-2022-20126 7.3 - High - June 15, 2022

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203431023

authentification

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20131 7.5 - High - June 15, 2022

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221856662

Memory Corruption

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check

CVE-2022-20133 7.8 - High - June 15, 2022

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch

CVE-2022-20135 7.8 - High - June 15, 2022

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465

In onCreateContextMenu of NetworkProviderSettings.java

CVE-2022-20137 7.3 - High - June 15, 2022

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-206986392

Incorrect Default Permissions

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user

CVE-2022-20129 5.5 - Medium - June 15, 2022

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478

Improper Input Validation

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2022-20130 9.8 - Critical - June 15, 2022

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979

Memory Corruption

In lg_probe and related functions of hid-lg.c and other USB HID files

CVE-2022-20132 4.6 - Medium - June 15, 2022

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

Out-of-bounds Read

In readArguments of CallSubjectDialog.java

CVE-2022-20134 7.8 - High - June 15, 2022

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397

Improper Input Validation

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20123 7.5 - High - June 15, 2022

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221852424

Out-of-bounds Read

In deletePackageX of DeletePackageHelper.java

CVE-2022-20124 7.8 - High - June 15, 2022

In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-170646036

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape

CVE-2022-20125 6.8 - Medium - June 15, 2022

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free

CVE-2022-20127 9.8 - Critical - June 15, 2022

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119

Memory Corruption

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions

CVE-2022-31055 7.5 - High - June 13, 2022

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.

AuthZ

Improper handling of insufficient permissions vulnerability in addAppPackageNameTo

CVE-2022-30727 5.5 - Medium - June 07, 2022

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.

Improper Handling of Exceptional Conditions

Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1

CVE-2022-30728 3.3 - Low - June 07, 2022

Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

Exposure of Resource to Wrong Sphere

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30725 4.3 - Medium - June 07, 2022

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Improper Handling of Exceptional Conditions

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30723 4.3 - Medium - June 07, 2022

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Improper Handling of Exceptional Conditions

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30724 4.3 - Medium - June 07, 2022

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Improper Handling of Exceptional Conditions

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1

CVE-2022-30721 5.3 - Medium - June 07, 2022

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Improper Input Validation

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1

CVE-2022-30720 5.3 - Medium - June 07, 2022

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Improper Input Validation

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1

CVE-2022-30719 5.3 - Medium - June 07, 2022

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Improper Input Validation

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1

CVE-2022-30717 7.5 - High - June 07, 2022

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.

AuthZ

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1

CVE-2022-30716 5.3 - Medium - June 07, 2022

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

Improper Handling of Exceptional Conditions

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1

CVE-2022-30715 5.3 - Medium - June 07, 2022

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.

AuthZ

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1

CVE-2022-30714 3.3 - Low - June 07, 2022

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

Exposure of Resource to Wrong Sphere

Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1

CVE-2022-30713 9.1 - Critical - June 07, 2022

Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1

CVE-2022-30711 9.1 - Critical - June 07, 2022

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1

CVE-2022-30726 7.8 - High - June 07, 2022

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1

CVE-2022-30729 4.6 - Medium - June 07, 2022

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1

CVE-2022-30722 9.8 - Critical - June 07, 2022

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.

Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1

CVE-2022-30709 5.3 - Medium - June 07, 2022

Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Improper Input Validation

Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1

CVE-2022-30712 9.1 - Critical - June 07, 2022

Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1

CVE-2022-30710 9.1 - Critical - June 07, 2022

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation