Google Android Mobile operating system

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check

CVE-2022-20121 5.5 - Medium - May 10, 2022

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A

AuthZ

Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A

CVE-2022-20120 9.8 - Critical - May 10, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A

In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data

CVE-2022-20119 5.5 - Medium - May 10, 2022

In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A

Use of Uninitialized Resource

In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition

CVE-2022-20118 7 - High - May 10, 2022

In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A

Race Condition

In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto

CVE-2022-20117 5.5 - Medium - May 10, 2022

In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A

Use of a Broken or Risky Cryptographic Algorithm

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check

CVE-2021-39738 7.8 - High - May 10, 2022

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509

AuthZ

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection

CVE-2022-20116 7.8 - High - May 10, 2022

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212467440

In broadcastServiceStateChanged of TelephonyRegistry.java

CVE-2022-20115 5.5 - Medium - May 10, 2022

In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-210118427

AuthZ

In placeCall of TelecomManager.java

CVE-2022-20114 7.8 - High - May 10, 2022

In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211114016

Improper Privilege Management

In mPreference of DefaultUsbConfigurationPreferenceController.java

CVE-2022-20113 7.8 - High - May 10, 2022

In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-205996517

In getAvailabilityStatus of PrivateDnsPreferenceController.java

CVE-2022-20112 5.5 - Medium - May 10, 2022

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762

Improper Privilege Management

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check

CVE-2022-20011 5.5 - Medium - May 10, 2022

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128

AuthZ

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20010 6.5 - Medium - May 10, 2022

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213519176

Out-of-bounds Read

In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20009 6.8 - Medium - May 10, 2022

In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel

Memory Corruption

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data

CVE-2022-20008 4.6 - Medium - May 10, 2022

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel

Use of Uninitialized Resource

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app

CVE-2022-20007 7 - High - May 10, 2022

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342

Race Condition

In several functions of KeyguardServiceWrapper.java and related files

CVE-2022-20006 7 - High - May 10, 2022

In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-151095871

Race Condition

In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK

CVE-2022-20005 7.8 - High - May 10, 2022

In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219044664

In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation

CVE-2022-20004 7.8 - High - May 10, 2022

In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767

Incorrect Default Permissions

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results

CVE-2021-39700 5.5 - Medium - May 10, 2022

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201645790

In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation

CVE-2021-39670 5.5 - Medium - May 10, 2022

In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-204087139

Improper Input Validation

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1

CVE-2022-28786 5.5 - Medium - May 03, 2022

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Out-of-bounds Read

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1

CVE-2022-28785 5.5 - Medium - May 03, 2022

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Out-of-bounds Read

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1

CVE-2022-28784 3.3 - Low - May 03, 2022

Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.

Directory traversal

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1

CVE-2022-28783 7.1 - High - May 03, 2022

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.

Improper Input Validation

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1

CVE-2022-28782 4.6 - Medium - May 03, 2022

Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.

AuthZ

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege

CVE-2022-28781 6.7 - Medium - May 03, 2022

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.

Improper Input Validation

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows

CVE-2022-28780 5.5 - Medium - May 03, 2022

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1

CVE-2022-28788 5.5 - Medium - May 03, 2022

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Out-of-bounds Read

Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1

CVE-2022-28787 5.5 - Medium - May 03, 2022

Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Out-of-bounds Read

In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass

CVE-2021-39802 7.8 - High - April 12, 2022

In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel

Improper Privilege Management

In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking

CVE-2021-39801 7.8 - High - April 12, 2022

In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel

Dangling pointer

In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free

CVE-2021-39800 5.5 - Medium - April 12, 2022

In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208277166References: Upstream kernel

Dangling pointer

In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation

CVE-2021-39799 7.8 - High - April 12, 2022

In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-200288596

Improper Privilege Management

In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check

CVE-2021-39798 7.8 - High - April 12, 2022

In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213169612

Buffer Overflow

In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code

CVE-2021-39797 7.8 - High - April 12, 2022

In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104

Improper Privilege Management

In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free

CVE-2021-39803 6.5 - Medium - April 12, 2022

In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-193790350

Out-of-bounds Read

In broadcastPortInfo of AdbService.java

CVE-2021-39794 7.8 - High - April 12, 2022

In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-205836329

Incorrect Default Permissions

In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-39814 6.7 - Medium - April 12, 2022

In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A

Memory Corruption

In TBD of TBD, there is a possible out of bounds read due to a use after free

CVE-2021-39812 7.8 - High - April 12, 2022

In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205522359References: N/A

Dangling pointer

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2021-39809 7.5 - High - April 12, 2022

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205837191

Out-of-bounds Read

In createNotificationChannelGroup of PreferencesHelper.java

CVE-2021-39808 7.8 - High - April 12, 2022

In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209966086

Improper Privilege Management

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC

CVE-2021-39807 7.8 - High - April 12, 2022

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-209446496

Improper Privilege Management

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2021-39805 6.5 - Medium - April 12, 2022

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559

Exposure of Resource to Wrong Sphere

In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check

CVE-2021-39804 6.5 - Medium - April 12, 2022

In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215002587

NULL Pointer Dereference

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java

CVE-2021-39796 7.3 - High - April 12, 2022

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291

Clickjacking

In multiple locations of MediaProvider.java

CVE-2021-39795 7.8 - High - April 12, 2022

In multiple locations of MediaProvider.java , there is a possible way to get read/write access to other app's dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-201667614

Incorrect Permission Assignment for Critical Resource

In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free

CVE-2021-0707 7.8 - High - April 12, 2022

In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel

Dangling pointer

In setServiceForegroundInnerLocked of ActiveServices.java

CVE-2021-0694 7.8 - High - April 12, 2022

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114

AuthZ

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1

CVE-2022-27821 5.5 - Medium - April 11, 2022

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.

Out-of-bounds Read

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1

CVE-2022-27576 3.3 - Low - April 11, 2022

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission

Exposure of Resource to Wrong Sphere

Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1

CVE-2022-27575 3.3 - Low - April 11, 2022

Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.

Exposure of Resource to Wrong Sphere

Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27574 7.2 - High - April 11, 2022

Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.

Memory Corruption

Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27573 7.2 - High - April 11, 2022

Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.

Memory Corruption

Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27572 9.8 - Critical - April 11, 2022

Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

Memory Corruption

Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27571 9.8 - Critical - April 11, 2022

Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Memory Corruption

Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27570 9.8 - Critical - April 11, 2022

Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Memory Corruption

Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27569 9.8 - Critical - April 11, 2022

Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Memory Corruption

Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27568 9.8 - Critical - April 11, 2022

Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Memory Corruption

Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-27567 9.8 - Critical - April 11, 2022

Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.

NULL Pointer Dereference

Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-26099 9.1 - Critical - April 11, 2022

Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.

NULL Pointer Dereference

Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1

CVE-2022-27832 3.3 - Low - April 11, 2022

Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.

Out-of-bounds Read

Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1

CVE-2022-27831 4.4 - Medium - April 11, 2022

Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.

Out-of-bounds Read

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1

CVE-2022-27830 7.8 - High - April 11, 2022

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1

CVE-2022-27829 7.8 - High - April 11, 2022

Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1

CVE-2022-27828 7.8 - High - April 11, 2022

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1

CVE-2022-27827 7.8 - High - April 11, 2022

Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1

CVE-2022-27826 7.8 - High - April 11, 2022

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1

CVE-2022-27825 7.1 - High - April 11, 2022

Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.

Out-of-bounds Read

Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1

CVE-2022-27824 7.1 - High - April 11, 2022

Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file

Out-of-bounds Read

Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1

CVE-2022-27823 7.1 - High - April 11, 2022

Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.

Out-of-bounds Read

Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1

CVE-2022-27822 5.5 - Medium - April 11, 2022

Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.

Exposure of Resource to Wrong Sphere

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1

CVE-2022-25831 4.6 - Medium - April 11, 2022

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

authentification

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1

CVE-2022-27836 7.8 - High - April 11, 2022

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.

Directory traversal

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1

CVE-2022-27835 7.8 - High - April 11, 2022

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.

Buffer Overflow

Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-26098 9.8 - Critical - April 11, 2022

Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

Memory Corruption

Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-26097 9.8 - Critical - April 11, 2022

Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

NULL Pointer Dereference

Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-26096 9.8 - Critical - April 11, 2022

Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

NULL Pointer Dereference

Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-26095 9.8 - Critical - April 11, 2022

Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

NULL Pointer Dereference

Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1

CVE-2022-25832 6.8 - Medium - April 11, 2022

Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.

authentification

Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-26094 9.8 - Critical - April 11, 2022

Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

NULL Pointer Dereference

Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1

CVE-2022-26093 9.8 - Critical - April 11, 2022

Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

NULL Pointer Dereference

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1

CVE-2022-26092 7.8 - High - April 11, 2022

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.

Memory Corruption

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows

CVE-2022-26091 6.8 - Medium - April 11, 2022

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.

authentification

Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows

CVE-2022-26090 3.3 - Low - April 11, 2022

Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.

Exposure of Resource to Wrong Sphere

Improper authentication in ImsService prior to SMR Apr-2022 Release 1

CVE-2022-25833 3.3 - Low - April 11, 2022

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

authentification

In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy

CVE-2021-39787 7.8 - High - March 30, 2022

In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202506934

Externally Controlled Reference to a Resource in Another Sphere

In NFC, there is a possible out of bounds write due to a missing bounds check

CVE-2021-39786 6.7 - Medium - March 30, 2022

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247

Memory Corruption

In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check

CVE-2021-39784 7.8 - High - March 30, 2022

In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477

Improper Privilege Management

In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check

CVE-2021-39742 5.5 - Medium - March 30, 2022

In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405602

AuthZ

In Keymaster, there is a possible out of bounds write due to a missing bounds check

CVE-2021-39741 7.8 - High - March 30, 2022

In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-173567719

Memory Corruption

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation

CVE-2021-39740 5.5 - Medium - March 30, 2022

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-209965112

Improper Input Validation

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure

CVE-2021-39739 3.3 - Low - March 30, 2022

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194

Insertion of Sensitive Information into Log File

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check

CVE-2022-20002 7.8 - High - March 30, 2022

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657

AuthZ

In WallpaperManagerService

CVE-2021-39791 5.5 - Medium - March 30, 2022

In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606

Side Channel Attack

In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check

CVE-2021-39790 7.8 - High - March 30, 2022

In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405146

AuthZ

In Telecom, there is a possible leak of TTY mode change due to a missing permission check

CVE-2021-39789 7.8 - High - March 30, 2022

In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906

AuthZ

In TelecomManager

CVE-2021-39788 5.5 - Medium - March 30, 2022

In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014

Side Channel Attack

In rcsservice, there is a possible way to modify TTY mode due to a missing permission check

CVE-2021-39783 7.8 - High - March 30, 2022

In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597

Improper Privilege Management

In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check

CVE-2021-39782 7.8 - High - March 30, 2022

In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015

Improper Privilege Management