Google Google Software and search

Do you want an email whenever new security vulnerabilities are reported in any Google product?

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android3014 vulnerabilities
Mobile operating system

Google Chrome1547 vulnerabilities
Web browser

Google Tensorflow407 vulnerabilities
Open source machine learning / AI library

Google Chrome Os24 vulnerabilities

Google Asylo14 vulnerabilities

Google Fuchsia4 vulnerabilities

Google Fscrypt4 vulnerabilities

Google Protobuf Java4 vulnerabilities

Google Guest Oslogin3 vulnerabilities

Google Protobuf Javalite3 vulnerabilities

Google Gerrit3 vulnerabilities

Google Gvisor3 vulnerabilities

Google Monorail3 vulnerabilities

Google Kubernetes Engine2 vulnerabilities

Google Guava2 vulnerabilities

Google Lacros2 vulnerabilities

Google Earth2 vulnerabilities

Google Protobuf2 vulnerabilities

Google Protobuf2 vulnerabilities

Google V82 vulnerabilities

Google Protobuf Kotlin2 vulnerabilities

Google Bazel2 vulnerabilities

Google Perfetto1 vulnerability

Google Protobuf Python1 vulnerability

Google Protobuf Cpp1 vulnerability

Google Openthread1 vulnerability

Google Gson1 vulnerability

Google Santa1 vulnerability

Google Skia1 vulnerability

Google Slashify1 vulnerability

Google Slo Generator1 vulnerability

Google Snappy1 vulnerability

Google Tink1 vulnerability

Google Titan Security Key1 vulnerability

Google Toolbar1 vulnerability

Google Voice Builder1 vulnerability

Google Web Stories1 vulnerability

Google Web Toolkit1 vulnerability

Google Android Api1 vulnerability

Google Angle1 vulnerability

Google Api C Client1 vulnerability

Google Bindiff1 vulnerability

Google BoringSSL1 vulnerability
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Google Brotli1 vulnerability

Google Cardboard1 vulnerability

Google Chrome Launcher1 vulnerability

Google Closure Library1 vulnerability

Google Firebase Php Jwt1 vulnerability

Google Firebaseutil1 vulnerability

Google Go Attestation1 vulnerability

Google Search1 vulnerability

Google Kctf1 vulnerability

Recent Google Security Advisories

Advisory Title Published
Pixel Update Bulletin—January 2023 | Android Open Source Project January 26, 2023
Android Security Bulletin—January 2023 | Android Open Source Project January 26, 2023
Android Automotive OS Update Bulletin—January 2023 | Android Open Source Project January 26, 2023
Chrome Releases: Stable Channel Update for Desktop January 10, 2023
Chrome Releases: Stable Channel Update for Desktop January 2, 2023
Pixel Update Bulletin—December2022 | Android Open Source Project December 16, 2022
Chrome Releases: Stable Channel Update for Desktop December 14, 2022
Android Security Bulletin—December 2022 | Android Open Source Project December 13, 2022
Chrome Releases: Stable Channel Update for Desktop December 2, 2022
Chrome Releases: Stable Channel Update for Desktop November 30, 2022

@google Tweets

#GoogleTV’s #WatchWithMe is back, featuring director and comedian @JuddApatow. Before we talk rom-coms and stand up… https://t.co/odXk3wwMia
Thu Feb 02 20:45:42 +0000 2023

RT @GoogleNewsInit: .@afronews is the oldest, family-owned, African American publisher in the United States. For 130 years, they’ve provide…
Thu Feb 02 19:46:42 +0000 2023

By the Year

In 2023 there have been 41 vulnerabilities in Google with an average score of 7.0 out of ten. Last year Google had 1386 security vulnerabilities published. Right now, Google is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.13.

Year Vulnerabilities Average Score
2023 41 7.02
2022 1386 6.89
2021 1123 7.02
2020 987 7.10
2019 808 7.11
2018 419 7.41

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

In onActivityResult of AvatarPickerActivity.java

CVE-2023-20912 7.8 - High - January 26, 2023

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995

AuthZ

In onCreate of PhoneAccountSettingsActivity.java and related files

CVE-2023-20913 7.8 - High - January 26, 2023

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785

Clickjacking

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java

CVE-2023-20915 7.8 - High - January 26, 2023

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197

Always-Incorrect Control Flow Implementation

In exported content providers of ShannonRcs

CVE-2023-20923 5.5 - Medium - January 26, 2023

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure

CVE-2023-20924 6.8 - Medium - January 26, 2023

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A

authentification

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free

CVE-2023-20925 7.8 - High - January 26, 2023

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A

Dangling pointer

In binder_vma_close of binder.c, there is a possible use after free due to improper locking

CVE-2023-20928 7.8 - High - January 26, 2023

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel

Dangling pointer

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities

CVE-2023-20916 7.8 - High - January 26, 2023

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049

AuthZ

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code

CVE-2023-20919 7.8 - High - January 26, 2023

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free

CVE-2023-20920 7.8 - High - January 26, 2023

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366

Dangling pointer

In onPackageRemoved of AccessibilityManagerService.java

CVE-2023-20921 7.3 - High - January 26, 2023

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132

Always-Incorrect Control Flow Implementation

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion

CVE-2023-20922 5.5 - Medium - January 26, 2023

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548

Resource Exhaustion

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code

CVE-2023-20904 7.8 - High - January 26, 2023

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20905 7.8 - High - January 26, 2023

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741

Memory Corruption

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion

CVE-2023-20908 5.5 - Medium - January 26, 2023

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861

Resource Exhaustion

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack

CVE-2022-20213 5.5 - Medium - January 26, 2023

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack

CVE-2022-20214 4.7 - Medium - January 26, 2023

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210

Clickjacking

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack

CVE-2022-20215 5.5 - Medium - January 26, 2023

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206

Clickjacking

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem

CVE-2022-20235 5.5 - Medium - January 26, 2023

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780

Buffer Overflow

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20456 7.8 - High - January 26, 2023

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780

Allocation of Resources Without Limits or Throttling

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build

CVE-2022-20458 5.5 - Medium - January 26, 2023

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776

Insertion of Sensitive Information into Log File

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion

CVE-2022-20461 7.8 - High - January 26, 2023

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963

Object Type Confusion

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20489 7.8 - High - January 26, 2023

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460

Allocation of Resources Without Limits or Throttling

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20490 7.8 - High - January 26, 2023

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505

Allocation of Resources Without Limits or Throttling

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20492 7.8 - High - January 26, 2023

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043

Allocation of Resources Without Limits or Throttling

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation

CVE-2022-20493 7.8 - High - January 26, 2023

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316

Improper Input Validation

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion

CVE-2022-20494 5.5 - Medium - January 26, 2023

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204

Allocation of Resources Without Limits or Throttling

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74

CVE-2023-0131 6.5 - Medium - January 10, 2023

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74

CVE-2023-0129 8.8 - High - January 10, 2023

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

Memory Corruption

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74

CVE-2023-0141 4.3 - Medium - January 10, 2023

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74

CVE-2023-0138 8.8 - High - January 10, 2023

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0135 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use after free in Cart in Google Chrome prior to 109.0.5414.74

CVE-2023-0134 8.8 - High - January 10, 2023

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use after free in Passwords in Google Chrome prior to 105.0.5195.125

CVE-2022-3842 7.5 - High - January 02, 2023

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Browser History in Google Chrome prior to 100.0.4896.75

CVE-2022-3863 6.1 - Medium - January 02, 2023

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80

CVE-2022-4025 4.3 - Medium - January 02, 2023

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)

Exposure of Resource to Wrong Sphere

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79

CVE-2022-2743 8.8 - High - January 02, 2023

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)

Integer Overflow or Wraparound

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51

CVE-2022-0801 6.1 - Medium - January 02, 2023

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)

XSS

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77

CVE-2021-30558 8.8 - High - January 02, 2023

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72

CVE-2021-21200 5.4 - Medium - January 02, 2023

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

Out-of-bounds Read

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81

CVE-2019-13768 7.4 - High - January 02, 2023

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

Dangling pointer

In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20509 6.7 - Medium - December 16, 2022

In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317

Memory Corruption

In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy

CVE-2022-20550 7.8 - High - December 16, 2022

In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514

In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free

CVE-2022-20554 6.7 - Medium - December 16, 2022

In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596

Dangling pointer

In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20557 6.7 - Medium - December 16, 2022

In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734

Out-of-bounds Read

In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass

CVE-2022-20558 3.3 - Low - December 16, 2022

In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289

In revokeOwnPermissionsOnKill of PermissionManager.java

CVE-2022-20559 3.3 - Low - December 16, 2022

In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967

Side Channel Attack

Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A

CVE-2022-20560 7.5 - High - December 16, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A

In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free

CVE-2022-20561 7.8 - High - December 16, 2022

In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A

Dangling pointer

In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code

CVE-2022-20562 3.3 - Low - December 16, 2022

In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A

Exposure of Resource to Wrong Sphere

In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption

CVE-2022-20563 6.7 - Medium - December 16, 2022

In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A

Out-of-bounds Read

In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check

CVE-2022-20564 6.7 - Medium - December 16, 2022

In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243798789References: N/A

Memory Corruption

In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking

CVE-2022-20566 7.8 - High - December 16, 2022

In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel

Dangling pointer

In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free

CVE-2022-20568 7.8 - High - December 16, 2022

In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel

Dangling pointer

Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A

CVE-2022-20570 5.5 - Medium - December 16, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20513 5.5 - Medium - December 16, 2022

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759

Use of a Broken or Risky Cryptographic Algorithm

In acquireFabricatedOverlayIterator

CVE-2022-20514 6.7 - Medium - December 16, 2022

In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875

Dangling pointer

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files

CVE-2022-20515 5.5 - Medium - December 16, 2022

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496

In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20526 3.3 - Low - December 16, 2022

In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774

Memory Corruption

In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20527 5.5 - Medium - December 16, 2022

In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861

Out-of-bounds Read

In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check

CVE-2022-20528 3.3 - Low - December 16, 2022

In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711

Out-of-bounds Read

In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code

CVE-2022-20529 2.4 - Low - December 16, 2022

In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603

Exposure of Resource to Wrong Sphere

In strings.xml, there is a possible permission bypass due to a misleading string

CVE-2022-20530 5.3 - Medium - December 16, 2022

In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645

In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check

CVE-2022-20533 3.3 - Low - December 16, 2022

In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363

AuthZ

In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20555 4.4 - Medium - December 16, 2022

In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233

Out-of-bounds Read

In launchConfigNewNetworkFragment of NetworkProviderSettings.java

CVE-2022-20556 3.3 - Low - December 16, 2022

In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667

AuthZ

In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy

CVE-2022-20199 5.5 - Medium - December 16, 2022

In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025

Externally Controlled Reference to a Resource in Another Sphere

In onCreate of WifiDppConfiguratorActivity.java

CVE-2022-20503 7.8 - High - December 16, 2022

In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890

AuthZ

In multiple locations of DreamManagerService.java, there is a missing permission check

CVE-2022-20504 6.7 - Medium - December 16, 2022

In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553

AuthZ

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error

CVE-2022-20505 6.7 - Medium - December 16, 2022

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754

Directory traversal

In onCreate of WifiDialogActivity.java, there is a missing permission check

CVE-2022-20506 7.8 - High - December 16, 2022

In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034

AuthZ

In onMulticastListUpdateNotificationReceived of UwbEventManager.java

CVE-2022-20507 7.8 - High - December 16, 2022

In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179

Buffer Overflow

In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20541 4.2 - Medium - December 16, 2022

In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126

Out-of-bounds Read

In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-42518 6.7 - Medium - December 16, 2022

In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A

Memory Corruption

In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption

CVE-2022-42519 6.7 - Medium - December 16, 2022

In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A

Memory Corruption

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free

CVE-2022-42520 6.7 - Medium - December 16, 2022

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A

Dangling pointer

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation

CVE-2022-42521 6.7 - Medium - December 16, 2022

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A

Memory Corruption

In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check

CVE-2022-42527 7.5 - High - December 16, 2022

In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A

In createDialog of WifiS

CVE-2022-20537 3.3 - Low - December 16, 2022

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169

AuthZ

In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check

CVE-2022-20572 6.7 - Medium - December 16, 2022

In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel

AuthZ

In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation

CVE-2022-20574 5.5 - Medium - December 16, 2022

In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A

Improper Input Validation

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation

CVE-2022-20548 7.8 - High - December 16, 2022

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398

Memory Corruption

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check

CVE-2022-20547 7.8 - High - December 16, 2022

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753

In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20546 6.7 - Medium - December 16, 2022

In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798

Memory Corruption

In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation

CVE-2022-20545 7.5 - High - December 16, 2022

In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697

Improper Input Validation

In onOptionsItemSelected of ManageApplications.java

CVE-2022-20544 4.4 - Medium - December 16, 2022

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070

AuthZ

In multiple locations, there is a possible display crash loop due to improper input validation

CVE-2022-20543 2.3 - Low - December 16, 2022

In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261

Improper Input Validation

In getSlice of ProviderModelSlice.java, there is a missing permission check

CVE-2022-20522 7.8 - High - December 16, 2022

In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877

AuthZ

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check

CVE-2022-20511 5.5 - Medium - December 16, 2022

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829

Incorrect Default Permissions

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow

CVE-2022-20516 7.5 - High - December 16, 2022

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331

Integer Overflow or Wraparound

In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection

CVE-2022-20517 5.5 - Medium - December 16, 2022

In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956

SQL Injection

In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection

CVE-2022-20518 5.5 - Medium - December 16, 2022

In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203

SQL Injection

In onCreate of AddAppNetworksActivity.java

CVE-2022-20519 3.3 - Low - December 16, 2022

In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678

AuthZ

In onCreate of various files, there is a possible tapjacking/overlay attack

CVE-2022-20520 7.8 - High - December 16, 2022

In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202

Clickjacking

In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check

CVE-2022-20521 5 - Medium - December 16, 2022

In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684

NULL Pointer Dereference

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java

CVE-2022-20525 3.3 - Low - December 16, 2022

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768

Exposure of Resource to Wrong Sphere

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free

CVE-2022-20540 7.8 - High - December 16, 2022

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506

Dangling pointer

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20539 6.7 - Medium - December 16, 2022

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425

Memory Corruption

In getSmsRoleHolder of RoleService.java

CVE-2022-20538 5.5 - Medium - December 16, 2022

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770

Side Channel Attack

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2022-20549 6.7 - Medium - December 16, 2022

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.