Google Android Mobile operating system
Recent Google Android Security Advisories
By the Year
In 2023 there have been 62 vulnerabilities in Google Android with an average score of 6.6 out of ten. Last year Android had 897 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.15.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 62 | 6.61 |
2022 | 897 | 6.45 |
2021 | 574 | 6.60 |
2020 | 699 | 7.00 |
2019 | 491 | 7.11 |
2018 | 294 | 7.58 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Android Security Vulnerabilities
In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2023-20981
4.4 - Medium
- March 24, 2023
In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256165737
Out-of-bounds Read
In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2023-20982
4.4 - Medium
- March 24, 2023
In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-260568083
Out-of-bounds Read
In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2023-20983
4.4 - Medium
- March 24, 2023
In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-260569449
Out-of-bounds Read
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2023-20984
4.4 - Medium
- March 24, 2023
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-242993878
Out-of-bounds Read
In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation
CVE-2023-20985
7.8 - High
- March 24, 2023
In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-245915315
Memory Corruption
In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2023-20986
4.4 - Medium
- March 24, 2023
In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-255304475
Out-of-bounds Read
In wlan driver, there is a possible missing params check
CVE-2022-47459
5.5 - Medium
- March 10, 2023
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
Memory Corruption
In telephony service, there is a missing permission check
CVE-2022-47481
5.5 - Medium
- March 10, 2023
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
AuthZ
In telephony service, there is a missing permission check
CVE-2022-47480
5.5 - Medium
- March 10, 2023
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
AuthZ
In telephone service, there is a missing permission check
CVE-2022-47462
6.7 - Medium
- March 10, 2023
In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
AuthZ
In telephone service, there is a missing permission check
CVE-2022-47461
6.7 - Medium
- March 10, 2023
In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
AuthZ
In gpu device, there is a memory corruption due to a use after free
CVE-2022-47460
5.5 - Medium
- March 10, 2023
In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.
Dangling pointer
In wlan driver, there is a possible missing params check
CVE-2022-47458
5.5 - Medium
- March 10, 2023
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
Out-of-bounds Read
In wlan driver, there is a possible missing params check
CVE-2022-47457
5.5 - Medium
- March 10, 2023
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
Memory Corruption
In wlan driver, there is a possible missing params check
CVE-2022-47456
5.5 - Medium
- March 10, 2023
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
Out-of-bounds Read
In wlan driver, there is a possible missing params check
CVE-2022-47455
5.5 - Medium
- March 10, 2023
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
Out-of-bounds Read
In wlan driver, there is a possible missing params check
CVE-2022-47454
5.5 - Medium
- March 10, 2023
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
Integer Overflow or Wraparound
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free
CVE-2023-20933
7.8 - High
- February 28, 2023
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-245860753
Dangling pointer
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow
CVE-2023-20948
7.5 - High
- February 28, 2023
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-230630526
Out-of-bounds Read
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy
CVE-2023-20946
9.8 - Critical
- February 28, 2023
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-244423101
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2023-20945
7.8 - High
- February 28, 2023
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-246932269
Memory Corruption
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization
CVE-2023-20944
7.8 - High
- February 28, 2023
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-244154558
Marshaling, Unmarshaling
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error
CVE-2023-20943
7.8 - High
- February 28, 2023
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240267890
Directory traversal
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto
CVE-2023-20940
7.8 - High
- February 28, 2023
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256237041
Improper Verification of Cryptographic Signature
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking
CVE-2023-20939
7.8 - High
- February 28, 2023
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-243362981
Improper Locking
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free
CVE-2023-20937
7.8 - High
- February 28, 2023
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257443051. References: Upstream kernel
Dangling pointer
In resolveAttributionSource of ServiceUtilities.cpp
CVE-2023-20934
7.8 - High
- February 28, 2023
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-258672042
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation
CVE-2023-20938
7.8 - High
- February 28, 2023
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257685302. References: Upstream kernel
Dangling pointer
In onCreatePreferences of EditInfoFragment.java
CVE-2023-20932
3.3 - Low
- February 28, 2023
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-248251018
Improper Input Validation
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code
CVE-2022-20551
6.7 - Medium
- February 28, 2023
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-243376549
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset
CVE-2022-20481
5.5 - Medium
- February 28, 2023
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-241927115
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion
CVE-2022-20455
5.5 - Medium
- February 28, 2023
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242537431
Resource Exhaustion
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow
CVE-2023-20949
5.5 - Medium
- February 15, 2023
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-259323133. References: N/A
Memory Corruption
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass
CVE-2023-20927
7.8 - High
- February 15, 2023
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244216503
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1
CVE-2023-21419
7.5 - High
- February 09, 2023
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain conditions.
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code
CVE-2023-20919
7.8 - High
- January 26, 2023
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-252663068
In onActivityResult of AvatarPickerActivity.java
CVE-2023-20912
7.8 - High
- January 26, 2023
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246301995
AuthZ
In onCreate of PhoneAccountSettingsActivity.java and related files
CVE-2023-20913
7.8 - High
- January 26, 2023
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-246933785
Clickjacking
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java
CVE-2023-20915
7.8 - High
- January 26, 2023
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-246930197
Always-Incorrect Control Flow Implementation
In exported content providers of ShannonRcs
CVE-2023-20923
5.5 - Medium
- January 26, 2023
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-246933910. References: N/A
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure
CVE-2023-20924
6.8 - Medium
- January 26, 2023
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-240428519. References: N/A
Authentication
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free
CVE-2023-20925
7.8 - High
- January 26, 2023
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-236674672. References: N/A
Dangling pointer
In binder_vma_close of binder.c, there is a possible use after free due to improper locking
CVE-2023-20928
7.8 - High
- January 26, 2023
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-254837884. References: Upstream kernel
Dangling pointer
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities
CVE-2023-20916
7.8 - High
- January 26, 2023
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-229256049
AuthZ
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free
CVE-2023-20920
7.8 - High
- January 26, 2023
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-204584366
Dangling pointer
In onPackageRemoved of AccessibilityManagerService.java
CVE-2023-20921
7.3 - High
- January 26, 2023
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-243378132
Always-Incorrect Control Flow Implementation
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion
CVE-2023-20922
5.5 - Medium
- January 26, 2023
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-237291548
Resource Exhaustion
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion
CVE-2023-20908
5.5 - Medium
- January 26, 2023
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-239415861
Resource Exhaustion
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2023-20905
7.8 - High
- January 26, 2023
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-241387741
Memory Corruption
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code
CVE-2023-20904
7.8 - High
- January 26, 2023
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-246300272
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion
CVE-2022-20494
5.5 - Medium
- January 26, 2023
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-243794204
Allocation of Resources Without Limits or Throttling
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation
CVE-2022-20493
7.8 - High
- January 26, 2023
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242846316
Improper Input Validation
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20492
7.8 - High
- January 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242704043
Allocation of Resources Without Limits or Throttling
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20490
7.8 - High
- January 26, 2023
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703505
Allocation of Resources Without Limits or Throttling
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20489
7.8 - High
- January 26, 2023
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703460
Allocation of Resources Without Limits or Throttling
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build
CVE-2022-20458
5.5 - Medium
- January 26, 2023
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java prints out the StatusBarNotification.getKey() directly in logs, which could contain the user's account name (i.e. PII), in Android "user" build. Product: Android. Versions: Android-12L. Android ID: A-205567776
Insertion of Sensitive Information into Log File
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion
CVE-2022-20456
7.8 - High
- January 26, 2023
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703780
Allocation of Resources Without Limits or Throttling
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem
CVE-2022-20235
5.5 - Medium
- January 26, 2023
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 a user-space program could write arbitrary data to the page, leading to memory corruption issues. Product: Android. Versions: Android SoC. Android ID: A-259967780
Buffer Overflow
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion
CVE-2022-20461
7.8 - High
- January 26, 2023
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-228602963
Object Type Confusion
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack
CVE-2022-20215
5.5 - Medium
- January 26, 2023
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183794206
Clickjacking
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack
CVE-2022-20214
4.7 - Medium
- January 26, 2023
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183411210
Clickjacking
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack
CVE-2022-20213
5.5 - Medium
- January 26, 2023
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183410508
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection
CVE-2022-42535
5.5 - Medium
- December 16, 2022
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224770183
SQL Injection
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check
CVE-2022-42542
6.7 - Medium
- December 16, 2022
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-231445184
Memory Corruption
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-42543
4.4 - Medium
- December 16, 2022
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-249998113. References: N/A
Out-of-bounds Read
In getView of AddAppNetworksFragment.java
CVE-2022-42544
7.8 - High
- December 16, 2022
In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224545390
Improper Input Validation
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack
CVE-2022-20553
6.5 - Medium
- December 16, 2022
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244155265
Clickjacking
In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp
CVE-2022-42503
6.7 - Medium
- December 16, 2022
In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241231983. References: N/A
Memory Corruption
In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check
CVE-2022-42504
6.7 - Medium
- December 16, 2022
In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241232209. References: N/A
Memory Corruption
In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp
CVE-2022-42505
6.7 - Medium
- December 16, 2022
In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241232492. References: N/A
Memory Corruption
In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-42506
6.7 - Medium
- December 16, 2022
In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241388399. References: N/A
Memory Corruption
In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp
CVE-2022-42507
6.7 - Medium
- December 16, 2022
In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241388774. References: N/A
Memory Corruption
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-42518
6.7 - Medium
- December 16, 2022
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242536278. References: N/A
Memory Corruption
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free
CVE-2022-42520
6.7 - Medium
- December 16, 2022
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242994270. References: N/A
Dangling pointer
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption
CVE-2022-42519
6.7 - Medium
- December 16, 2022
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242540694. References: N/A
Memory Corruption
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation
CVE-2022-42534
7.8 - High
- December 16, 2022
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237838301. References: N/A
Improper Input Validation
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check
CVE-2022-42532
4.4 - Medium
- December 16, 2022
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242332610. References: N/A
Out-of-bounds Read
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation
CVE-2022-42531
7.8 - High
- December 16, 2022
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-231500967. References: N/A
Allocation of Resources Without Limits or Throttling
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check
CVE-2022-42530
4.4 - Medium
- December 16, 2022
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242331893. References: N/A
Out-of-bounds Read
Product: Android. Versions: Android kernel. Android ID: A-235292841. References: N/A
CVE-2022-42529
9.8 - Critical
- December 16, 2022
Product: Android. Versions: Android kernel. Android ID: A-235292841. References: N/A
In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-42502
6.7 - Medium
- December 16, 2022
In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241231970. References: N/A
Memory Corruption
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-42501
6.7 - Medium
- December 16, 2022
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241231403. References: N/A
Memory Corruption
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation
CVE-2022-42521
6.7 - Medium
- December 16, 2022
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243130019. References: N/A
Memory Corruption
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation
CVE-2022-20548
7.8 - High
- December 16, 2022
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240919398
Memory Corruption
In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check
CVE-2022-20547
7.8 - High
- December 16, 2022
In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240301753
In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20546
6.7 - Medium
- December 16, 2022
In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240266798
Memory Corruption
In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation
CVE-2022-20545
7.5 - High
- December 16, 2022
In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-239368697
Improper Input Validation
In onOptionsItemSelected of ManageApplications.java
CVE-2022-20544
4.4 - Medium
- December 16, 2022
In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238745070
AuthZ
In multiple locations, there is a possible display crash loop due to improper input validation
CVE-2022-20543
2.3 - Low
- December 16, 2022
In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238178261
Improper Input Validation
In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20541
4.2 - Medium
- December 16, 2022
In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-238083126
Out-of-bounds Read
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free
CVE-2022-20540
7.8 - High
- December 16, 2022
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237291506
Dangling pointer
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20539
6.7 - Medium
- December 16, 2022
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237291425
Memory Corruption
In getSmsRoleHolder of RoleService.java
CVE-2022-20538
5.5 - Medium
- December 16, 2022
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235601770
Side Channel Attack
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java
CVE-2022-20525
3.3 - Low
- December 16, 2022
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-229742768
Exposure of Resource to Wrong Sphere
In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free
CVE-2022-20524
7.8 - High
- December 16, 2022
In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-228523213
Dangling pointer
In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20523
5.5 - Medium
- December 16, 2022
In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-228222508
Out-of-bounds Read
In getSlice of ProviderModelSlice.java, there is a missing permission check
CVE-2022-20522
7.8 - High
- December 16, 2022
In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227470877
AuthZ
In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check
CVE-2022-20521
5 - Medium
- December 16, 2022
In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227203684
NULL Pointer Dereference
In onCreate of various files, there is a possible tapjacking/overlay attack
CVE-2022-20520
7.8 - High
- December 16, 2022
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227203202
Clickjacking
In onCreate of AddAppNetworksActivity.java
CVE-2022-20519
3.3 - Low
- December 16, 2022
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224772678
AuthZ
