Google Software and search
Products by Google Sorted by Most Security Vulnerabilities since 2018
Google BoringSSL: 1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
By the Year
In 2023 there have been 41 vulnerabilities in Google with an average score of 7.0 out of ten. Last year Google had 1386 security vulnerabilities published. Right now, Google is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.13.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 41 | 7.02 |
2022 | 1386 | 6.89 |
2021 | 1123 | 7.02 |
2020 | 987 | 7.10 |
2019 | 808 | 7.11 |
2018 | 419 | 7.41 |
It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Security Vulnerabilities
In onActivityResult of AvatarPickerActivity.java
CVE-2023-20912
7.8 - High
- January 26, 2023
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-246301995
AuthZ
In onCreate of PhoneAccountSettingsActivity.java and related files
CVE-2023-20913
7.8 - High
- January 26, 2023
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-246933785
Clickjacking
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java
CVE-2023-20915
7.8 - High
- January 26, 2023
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-246930197
Always-Incorrect Control Flow Implementation
In exported content providers of ShannonRcs
CVE-2023-20923
5.5 - Medium
- January 26, 2023
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-246933910; References: N/A
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure
CVE-2023-20924
6.8 - Medium
- January 26, 2023
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-240428519; References: N/A
Authentication
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free
CVE-2023-20925
7.8 - High
- January 26, 2023
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-236674672; References: N/A
Dangling pointer
In binder_vma_close of binder.c, there is a possible use after free due to improper locking
CVE-2023-20928
7.8 - High
- January 26, 2023
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-254837884; References: Upstream kernel
Dangling pointer
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities
CVE-2023-20916
7.8 - High
- January 26, 2023
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-229256049
AuthZ
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code
CVE-2023-20919
7.8 - High
- January 26, 2023
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-252663068
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free
CVE-2023-20920
7.8 - High
- January 26, 2023
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-204584366
Dangling pointer
In onPackageRemoved of AccessibilityManagerService.java
CVE-2023-20921
7.3 - High
- January 26, 2023
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-243378132
Always-Incorrect Control Flow Implementation
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion
CVE-2023-20922
5.5 - Medium
- January 26, 2023
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-237291548
Resource Exhaustion
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code
CVE-2023-20904
7.8 - High
- January 26, 2023
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L Android-13; Android ID: A-246300272
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2023-20905
7.8 - High
- January 26, 2023
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-241387741
Memory Corruption
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion
CVE-2023-20908
5.5 - Medium
- January 26, 2023
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-239415861
Resource Exhaustion
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack
CVE-2022-20213
5.5 - Medium
- January 26, 2023
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-183410508
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack
CVE-2022-20214
4.7 - Medium
- January 26, 2023
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-183411210
Clickjacking
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack
CVE-2022-20215
5.5 - Medium
- January 26, 2023
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-183794206
Clickjacking
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem
CVE-2022-20235
5.5 - Medium
- January 26, 2023
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18, a user-space program could write arbitrary data to the page, leading to memory corruption issues. Product: Android; Versions: Android SoC; Android ID: A-259967780
Buffer Overflow
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20456
7.8 - High
- January 26, 2023
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242703780
Allocation of Resources Without Limits or Throttling
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build
CVE-2022-20458
5.5 - Medium
- January 26, 2023
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java prints out the StatusBarNotification.getKey() directly in logs, which could contain the user's account name (i.e. PII), in the Android "user" build. Product: Android; Versions: Android-12L; Android ID: A-205567776
Insertion of Sensitive Information into Log File
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion
CVE-2022-20461
7.8 - High
- January 26, 2023
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-228602963
Object Type Confusion
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20489
7.8 - High
- January 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242703460
Allocation of Resources Without Limits or Throttling
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20490
7.8 - High
- January 26, 2023
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242703505
Allocation of Resources Without Limits or Throttling
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20492
7.8 - High
- January 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242704043
Allocation of Resources Without Limits or Throttling
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation
CVE-2022-20493
7.8 - High
- January 26, 2023
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-242846316
Improper Input Validation
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion
CVE-2022-20494
5.5 - Medium
- January 26, 2023
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-243794204
Allocation of Resources Without Limits or Throttling
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74
CVE-2023-0131
6.5 - Medium
- January 10, 2023
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74
CVE-2023-0129
8.8 - High
- January 10, 2023
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
Memory Corruption
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74
CVE-2023-0141
4.3 - Medium
- January 10, 2023
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74
CVE-2023-0138
8.8 - High
- January 10, 2023
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Memory Corruption
Use after free in Cart in Google Chrome prior to 109.0.5414.74
CVE-2023-0135
8.8 - High
- January 10, 2023
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Cart in Google Chrome prior to 109.0.5414.74
CVE-2023-0134
8.8 - High
- January 10, 2023
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Passwords in Google Chrome prior to 105.0.5195.125
CVE-2022-3842
7.5 - High
- January 02, 2023
Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Browser History in Google Chrome prior to 100.0.4896.75
CVE-2022-3863
6.1 - Medium
- January 02, 2023
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
Dangling pointer
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80
CVE-2022-4025
4.3 - Medium
- January 02, 2023
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
Exposure of Resource to Wrong Sphere
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79
CVE-2022-2743
8.8 - High
- January 02, 2023
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
Integer Overflow or Wraparound
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51
CVE-2022-0801
6.1 - Medium
- January 02, 2023
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
XSS
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77
CVE-2021-30558
8.8 - High
- January 02, 2023
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72
CVE-2021-21200
5.4 - Medium
- January 02, 2023
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
Out-of-bounds Read
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81
CVE-2019-13768
7.4 - High
- January 02, 2023
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)
Dangling pointer
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20509
6.7 - Medium
- December 16, 2022
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-244713317
Memory Corruption
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy
CVE-2022-20550
7.8 - High
- December 16, 2022
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-242845514
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free
CVE-2022-20554
6.7 - Medium
- December 16, 2022
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-245770596
Dangling pointer
In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20557
6.7 - Medium
- December 16, 2022
In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-247092734
Out-of-bounds Read
In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass
CVE-2022-20558
3.3 - Low
- December 16, 2022
In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-236264289
In revokeOwnPermissionsOnKill of PermissionManager.java
CVE-2022-20559
3.3 - Low
- December 16, 2022
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-219739967
Side Channel Attack
Product: Android; Versions: Android kernel; Android ID: A-212623833; References: N/A
CVE-2022-20560
7.5 - High
- December 16, 2022
Product: Android; Versions: Android kernel; Android ID: A-212623833; References: N/A
In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free
CVE-2022-20561
7.8 - High
- December 16, 2022
In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-222162870; References: N/A
Dangling pointer
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code
CVE-2022-20562
3.3 - Low
- December 16, 2022
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-231630423; References: N/A
Exposure of Resource to Wrong Sphere
In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption
CVE-2022-20563
6.7 - Medium
- December 16, 2022
In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-242067561; References: N/A
Out-of-bounds Read
In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check
CVE-2022-20564
6.7 - Medium
- December 16, 2022
In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-243798789; References: N/A
Memory Corruption
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking
CVE-2022-20566
7.8 - High
- December 16, 2022
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-165329981; References: Upstream kernel
Dangling pointer
In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free
CVE-2022-20568
7.8 - High
- December 16, 2022
In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-220738351; References: Upstream kernel
Dangling pointer
Product: Android; Versions: Android kernel; Android ID: A-230660904; References: N/A
CVE-2022-20570
5.5 - Medium
- December 16, 2022
Product: Android; Versions: Android kernel; Android ID: A-230660904; References: N/A
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20513
5.5 - Medium
- December 16, 2022
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-244569759
Use of a Broken or Risky Cryptographic Algorithm
In acquireFabricatedOverlayIterator
CVE-2022-20514
6.7 - Medium
- December 16, 2022
In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-245727875
Dangling pointer
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files
CVE-2022-20515
5.5 - Medium
- December 16, 2022
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-220733496
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20526
3.3 - Low
- December 16, 2022
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-229742774
Memory Corruption
In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20527
5.5 - Medium
- December 16, 2022
In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-229994861
Out-of-bounds Read
In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check
CVE-2022-20528
3.3 - Low
- December 16, 2022
In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-230172711
Out-of-bounds Read
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code
CVE-2022-20529
2.4 - Low
- December 16, 2022
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-231583603
Exposure of Resource to Wrong Sphere
In strings.xml, there is a possible permission bypass due to a misleading string
CVE-2022-20530
5.3 - Medium
- December 16, 2022
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-231585645
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check
CVE-2022-20533
3.3 - Low
- December 16, 2022
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-232798363
AuthZ
In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20555
4.4 - Medium
- December 16, 2022
In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-246194233
Out-of-bounds Read
In launchConfigNewNetworkFragment of NetworkProviderSettings.java
CVE-2022-20556
3.3 - Low
- December 16, 2022
In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246301667.
AuthZ
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy
CVE-2022-20199
5.5 - Medium
- December 16, 2022
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-199291025.
Externally Controlled Reference to a Resource in Another Sphere
In onCreate of WifiDppConfiguratorActivity.java
CVE-2022-20503
7.8 - High
- December 16, 2022
In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224772890.
AuthZ
In multiple locations of DreamManagerService.java, there is a missing permission check
CVE-2022-20504
6.7 - Medium
- December 16, 2022
In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-225878553.
AuthZ
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error
CVE-2022-20505
6.7 - Medium
- December 16, 2022
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-225981754.
Directory traversal
In onCreate of WifiDialogActivity.java, there is a missing permission check
CVE-2022-20506
7.8 - High
- December 16, 2022
In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-226133034.
AuthZ
In onMulticastListUpdateNotificationReceived of UwbEventManager.java
CVE-2022-20507
7.8 - High
- December 16, 2022
In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246649179.
Buffer Overflow
In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20541
4.2 - Medium
- December 16, 2022
In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238083126.
Out-of-bounds Read
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-42518
6.7 - Medium
- December 16, 2022
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242536278. References: N/A
Memory Corruption
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption
CVE-2022-42519
6.7 - Medium
- December 16, 2022
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242540694. References: N/A
Memory Corruption
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free
CVE-2022-42520
6.7 - Medium
- December 16, 2022
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242994270. References: N/A
Dangling pointer
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation
CVE-2022-42521
6.7 - Medium
- December 16, 2022
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243130019. References: N/A
Memory Corruption
In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check
CVE-2022-42527
7.5 - High
- December 16, 2022
In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-244448906. References: N/A
In createDialog of WifiS
CVE-2022-20537
3.3 - Low
- December 16, 2022
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235601169.
AuthZ
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check
CVE-2022-20572
6.7 - Medium
- December 16, 2022
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-234475629. References: Upstream kernel
AuthZ
In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation
CVE-2022-20574
5.5 - Medium
- December 16, 2022
In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237582191. References: N/A
Improper Input Validation
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation
CVE-2022-20548
7.8 - High
- December 16, 2022
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240919398.
Memory Corruption
In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check
CVE-2022-20547
7.8 - High
- December 16, 2022
In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240301753.
In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20546
6.7 - Medium
- December 16, 2022
In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240266798.
Memory Corruption
In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation
CVE-2022-20545
7.5 - High
- December 16, 2022
In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-239368697.
Improper Input Validation
In onOptionsItemSelected of ManageApplications.java
CVE-2022-20544
4.4 - Medium
- December 16, 2022
In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238745070.
AuthZ
In multiple locations, there is a possible display crash loop due to improper input validation
CVE-2022-20543
2.3 - Low
- December 16, 2022
In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238178261.
Improper Input Validation
In getSlice of ProviderModelSlice.java, there is a missing permission check
CVE-2022-20522
7.8 - High
- December 16, 2022
In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227470877.
AuthZ
In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check
CVE-2022-20511
5.5 - Medium
- December 16, 2022
In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235821829.
Incorrect Default Permissions
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow
CVE-2022-20516
7.5 - High
- December 16, 2022
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224002331.
Integer Overflow or Wraparound
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection
CVE-2022-20517
5.5 - Medium
- December 16, 2022
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224769956.
SQL Injection
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection
CVE-2022-20518
5.5 - Medium
- December 16, 2022
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224770203.
SQL Injection
In onCreate of AddAppNetworksActivity.java
CVE-2022-20519
3.3 - Low
- December 16, 2022
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224772678.
AuthZ
In onCreate of various files, there is a possible tapjacking/overlay attack
CVE-2022-20520
7.8 - High
- December 16, 2022
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227203202.
Clickjacking
In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check
CVE-2022-20521
5 - Medium
- December 16, 2022
In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227203684.
NULL Pointer Dereference
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java
CVE-2022-20525
3.3 - Low
- December 16, 2022
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-229742768.
Exposure of Resource to Wrong Sphere
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free
CVE-2022-20540
7.8 - High
- December 16, 2022
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237291506.
Dangling pointer
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20539
6.7 - Medium
- December 16, 2022
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237291425.
Memory Corruption
In getSmsRoleHolder of RoleService.java
CVE-2022-20538
5.5 - Medium
- December 16, 2022
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235601770.
Side Channel Attack
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check
CVE-2022-20549
6.7 - Medium
- December 16, 2022
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-242702451.
Memory Corruption