Google Android Mobile operating system

In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20981 4.4 - Medium - March 24, 2023

In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256165737

Out-of-bounds Read

In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20982 4.4 - Medium - March 24, 2023

In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568083

Out-of-bounds Read

In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20983 4.4 - Medium - March 24, 2023

In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449

Out-of-bounds Read

In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20984 4.4 - Medium - March 24, 2023

In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242993878

Out-of-bounds Read

In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation

CVE-2023-20985 7.8 - High - March 24, 2023

In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245915315

Memory Corruption

In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2023-20986 4.4 - Medium - March 24, 2023

In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304475

Out-of-bounds Read

In wlan driver, there is a possible missing params check

CVE-2022-47459 5.5 - Medium - March 10, 2023

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Memory Corruption

In telephony service, there is a missing permission check

CVE-2022-47481 5.5 - Medium - March 10, 2023

In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.

AuthZ

In telephony service, there is a missing permission check

CVE-2022-47480 5.5 - Medium - March 10, 2023

In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.

AuthZ

In telephone service, there is a missing permission check

CVE-2022-47462 6.7 - Medium - March 10, 2023

In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

AuthZ

In telephone service, there is a missing permission check

CVE-2022-47461 6.7 - Medium - March 10, 2023

In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

AuthZ

In gpu device, there is a memory corruption due to a use after free

CVE-2022-47460 5.5 - Medium - March 10, 2023

In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.

Dangling pointer

In wlan driver, there is a possible missing params check

CVE-2022-47458 5.5 - Medium - March 10, 2023

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Out-of-bounds Read

In wlan driver, there is a possible missing params check

CVE-2022-47457 5.5 - Medium - March 10, 2023

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Memory Corruption

In wlan driver, there is a possible missing params check

CVE-2022-47456 5.5 - Medium - March 10, 2023

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Out-of-bounds Read

In wlan driver, there is a possible missing params check

CVE-2022-47455 5.5 - Medium - March 10, 2023

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Out-of-bounds Read

In wlan driver, there is a possible missing params check

CVE-2022-47454 5.5 - Medium - March 10, 2023

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Integer Overflow or Wraparound

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free

CVE-2023-20933 7.8 - High - February 28, 2023

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753

Dangling pointer

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow

CVE-2023-20948 7.5 - High - February 28, 2023

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526

Out-of-bounds Read

In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy

CVE-2023-20946 9.8 - Critical - February 28, 2023

In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20945 7.8 - High - February 28, 2023

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269

Memory Corruption

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization

CVE-2023-20944 7.8 - High - February 28, 2023

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558

Marshaling, Unmarshaling

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error

CVE-2023-20943 7.8 - High - February 28, 2023

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890

Directory traversal

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto

CVE-2023-20940 7.8 - High - February 28, 2023

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041

Improper Verification of Cryptographic Signature

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking

CVE-2023-20939 7.8 - High - February 28, 2023

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981

Improper Locking

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free

CVE-2023-20937 7.8 - High - February 28, 2023

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel

Dangling pointer

In resolveAttributionSource of ServiceUtilities.cpp

CVE-2023-20934 7.8 - High - February 28, 2023

In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation

CVE-2023-20938 7.8 - High - February 28, 2023

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel

Dangling pointer

In onCreatePreferences of EditInfoFragment.java

CVE-2023-20932 3.3 - Low - February 28, 2023

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018

Improper Input Validation

In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code

CVE-2022-20551 6.7 - Medium - February 28, 2023

In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549

In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset

CVE-2022-20481 5.5 - Medium - February 28, 2023

In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion

CVE-2022-20455 5.5 - Medium - February 28, 2023

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431

Resource Exhaustion

In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow

CVE-2023-20949 5.5 - Medium - February 15, 2023

In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A

Memory Corruption

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass

CVE-2023-20927 7.8 - High - February 15, 2023

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1

CVE-2023-21419 7.5 - High - February 09, 2023

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code

CVE-2023-20919 7.8 - High - January 26, 2023

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068

In onActivityResult of AvatarPickerActivity.java

CVE-2023-20912 7.8 - High - January 26, 2023

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995

AuthZ

In onCreate of PhoneAccountSettingsActivity.java and related files

CVE-2023-20913 7.8 - High - January 26, 2023

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785

Clickjacking

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java

CVE-2023-20915 7.8 - High - January 26, 2023

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197

Always-Incorrect Control Flow Implementation

In exported content providers of ShannonRcs

CVE-2023-20923 5.5 - Medium - January 26, 2023

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure

CVE-2023-20924 6.8 - Medium - January 26, 2023

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A

authentification

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free

CVE-2023-20925 7.8 - High - January 26, 2023

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A

Dangling pointer

In binder_vma_close of binder.c, there is a possible use after free due to improper locking

CVE-2023-20928 7.8 - High - January 26, 2023

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel

Dangling pointer

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities

CVE-2023-20916 7.8 - High - January 26, 2023

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049

AuthZ

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free

CVE-2023-20920 7.8 - High - January 26, 2023

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366

Dangling pointer

In onPackageRemoved of AccessibilityManagerService.java

CVE-2023-20921 7.3 - High - January 26, 2023

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132

Always-Incorrect Control Flow Implementation

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion

CVE-2023-20922 5.5 - Medium - January 26, 2023

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548

Resource Exhaustion

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion

CVE-2023-20908 5.5 - Medium - January 26, 2023

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861

Resource Exhaustion

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2023-20905 7.8 - High - January 26, 2023

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741

Memory Corruption

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code

CVE-2023-20904 7.8 - High - January 26, 2023

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion

CVE-2022-20494 5.5 - Medium - January 26, 2023

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204

Allocation of Resources Without Limits or Throttling

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation

CVE-2022-20493 7.8 - High - January 26, 2023

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316

Improper Input Validation

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20492 7.8 - High - January 26, 2023

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043

Allocation of Resources Without Limits or Throttling

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20490 7.8 - High - January 26, 2023

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505

Allocation of Resources Without Limits or Throttling

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20489 7.8 - High - January 26, 2023

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460

Allocation of Resources Without Limits or Throttling

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build

CVE-2022-20458 5.5 - Medium - January 26, 2023

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776

Insertion of Sensitive Information into Log File

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2022-20456 7.8 - High - January 26, 2023

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780

Allocation of Resources Without Limits or Throttling

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem

CVE-2022-20235 5.5 - Medium - January 26, 2023

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780

Buffer Overflow

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion

CVE-2022-20461 7.8 - High - January 26, 2023

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963

Object Type Confusion

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack

CVE-2022-20215 5.5 - Medium - January 26, 2023

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206

Clickjacking

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack

CVE-2022-20214 4.7 - Medium - January 26, 2023

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210

Clickjacking

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack

CVE-2022-20213 5.5 - Medium - January 26, 2023

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508

In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection

CVE-2022-42535 5.5 - Medium - December 16, 2022

In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183

SQL Injection

In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2022-42542 6.7 - Medium - December 16, 2022

In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184

Memory Corruption

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-42543 4.4 - Medium - December 16, 2022

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A

Out-of-bounds Read

In getView of AddAppNetworksFragment.java

CVE-2022-42544 7.8 - High - December 16, 2022

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390

Improper Input Validation

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack

CVE-2022-20553 6.5 - Medium - December 16, 2022

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265

Clickjacking

In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp

CVE-2022-42503 6.7 - Medium - December 16, 2022

In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231983References: N/A

Memory Corruption

In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2022-42504 6.7 - Medium - December 16, 2022

In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A

Memory Corruption

In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp

CVE-2022-42505 6.7 - Medium - December 16, 2022

In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232492References: N/A

Memory Corruption

In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-42506 6.7 - Medium - December 16, 2022

In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388399References: N/A

Memory Corruption

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp

CVE-2022-42507 6.7 - Medium - December 16, 2022

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A

Memory Corruption

In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-42518 6.7 - Medium - December 16, 2022

In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A

Memory Corruption

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free

CVE-2022-42520 6.7 - Medium - December 16, 2022

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A

Dangling pointer

In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption

CVE-2022-42519 6.7 - Medium - December 16, 2022

In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A

Memory Corruption

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation

CVE-2022-42534 7.8 - High - December 16, 2022

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A

Improper Input Validation

In Pixel firmware, there is a possible out of bounds read due to a missing bounds check

CVE-2022-42532 4.4 - Medium - December 16, 2022

In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A

Out-of-bounds Read

In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation

CVE-2022-42531 7.8 - High - December 16, 2022

In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A

Allocation of Resources Without Limits or Throttling

In Pixel firmware, there is a possible out of bounds read due to a missing bounds check

CVE-2022-42530 4.4 - Medium - December 16, 2022

In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A

Out-of-bounds Read

Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A

CVE-2022-42529 9.8 - Critical - December 16, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A

In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-42502 6.7 - Medium - December 16, 2022

In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A

Memory Corruption

In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-42501 6.7 - Medium - December 16, 2022

In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A

Memory Corruption

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation

CVE-2022-42521 6.7 - Medium - December 16, 2022

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A

Memory Corruption

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation

CVE-2022-20548 7.8 - High - December 16, 2022

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398

Memory Corruption

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check

CVE-2022-20547 7.8 - High - December 16, 2022

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753

In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20546 6.7 - Medium - December 16, 2022

In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798

Memory Corruption

In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation

CVE-2022-20545 7.5 - High - December 16, 2022

In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697

Improper Input Validation

In onOptionsItemSelected of ManageApplications.java

CVE-2022-20544 4.4 - Medium - December 16, 2022

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070

AuthZ

In multiple locations, there is a possible display crash loop due to improper input validation

CVE-2022-20543 2.3 - Low - December 16, 2022

In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261

Improper Input Validation

In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20541 4.2 - Medium - December 16, 2022

In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126

Out-of-bounds Read

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free

CVE-2022-20540 7.8 - High - December 16, 2022

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506

Dangling pointer

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20539 6.7 - Medium - December 16, 2022

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425

Memory Corruption

In getSmsRoleHolder of RoleService.java

CVE-2022-20538 5.5 - Medium - December 16, 2022

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770

Side Channel Attack

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java

CVE-2022-20525 3.3 - Low - December 16, 2022

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768

Exposure of Resource to Wrong Sphere

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free

CVE-2022-20524 7.8 - High - December 16, 2022

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213

Dangling pointer

In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20523 5.5 - Medium - December 16, 2022

In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508

Out-of-bounds Read

In getSlice of ProviderModelSlice.java, there is a missing permission check

CVE-2022-20522 7.8 - High - December 16, 2022

In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877

AuthZ

In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check

CVE-2022-20521 5 - Medium - December 16, 2022

In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684

NULL Pointer Dereference

In onCreate of various files, there is a possible tapjacking/overlay attack

CVE-2022-20520 7.8 - High - December 16, 2022

In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202

Clickjacking

In onCreate of AddAppNetworksActivity.java

CVE-2022-20519 3.3 - Low - December 16, 2022

In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678

AuthZ