Google Android Mobile operating system

In Settings

CVE-2021-0734 5.5 - Medium - August 11, 2022

In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189122911

Exposure of Resource to Wrong Sphere

In PackageManager

CVE-2021-0735 5.5 - Medium - August 11, 2022

In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-188913056

Incorrect Default Permissions

In USB Manager

CVE-2021-0975 5.5 - Medium - August 11, 2022

In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273

Exposure of Resource to Wrong Sphere

In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free

CVE-2022-20158 6.7 - Medium - August 11, 2022

In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182815710References: Upstream kernel

Dangling pointer

In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check

CVE-2022-20180 7.8 - High - August 11, 2022

In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212804042References: N/A

In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20237 9.8 - Critical - August 11, 2022

In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229621649References: N/A

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation

CVE-2022-20241 3.3 - Low - August 11, 2022

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217185011

Improper Input Validation

In Telephony

CVE-2022-20242 5.5 - Medium - August 11, 2022

In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212

Side Channel Attack

In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free

CVE-2022-20372 6.7 - Medium - August 11, 2022

In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195480799References: N/A

Dangling pointer

In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition

CVE-2022-20373 6.4 - Medium - August 11, 2022

In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208269510References: N/A

Race Condition

On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto

CVE-2022-20374 7.8 - High - August 11, 2022

On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201078231References: N/A

Inadequate Encryption Strength

In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20375 7.5 - High - August 11, 2022

In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180956894References: N/A

Out-of-bounds Read

In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking

CVE-2022-20376 6.7 - Medium - August 11, 2022

In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216130110References: N/A

Dangling pointer

In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key

CVE-2022-20377 6.7 - Medium - August 11, 2022

In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222339795References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A

CVE-2022-20378 9.8 - Critical - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A

In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free

CVE-2022-20379 6.7 - Medium - August 11, 2022

In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209436980References: N/A

Dangling pointer

Product: AndroidVersions: Android kernelAndroid ID: A-212625740References: N/A

CVE-2022-20380 7.5 - High - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-212625740References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A

CVE-2022-20381 9.8 - Critical - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A

In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow

CVE-2022-20382 6.7 - Medium - August 11, 2022

In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-214245176References: Upstream kernel

Memory Corruption

In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow

CVE-2022-20383 7.8 - High - August 11, 2022

In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222408847References: N/A

Integer Overflow or Wraparound

Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A

CVE-2022-20384 9.8 - Critical - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20400 9.8 - Critical - August 11, 2022

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225178325References: N/A

Memory Corruption

In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check

CVE-2022-20401 7.5 - High - August 11, 2022

In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-226446030References: N/A

Out-of-bounds Read

Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A

CVE-2022-20402 9.8 - Critical - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A

CVE-2022-20403 9.8 - Critical - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/A

CVE-2022-20404 7.5 - High - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A

CVE-2022-20405 9.8 - Critical - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A

CVE-2022-20406 7.5 - High - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A

CVE-2022-20407 7.5 - High - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A

Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A

CVE-2022-20408 7.5 - High - August 11, 2022

Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and

CVE-2022-20239 9.8 - Critical - August 10, 2022

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091

Externally Controlled Reference to a Resource in Another Sphere

In btif_dm_auth_cmpl_evt of btif_dm.cc

CVE-2022-20361 9.8 - Critical - August 10, 2022

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check

CVE-2022-20360 7.8 - High - August 10, 2022

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987

Incorrect Default Permissions

** REJECT ** DO NOT USE THIS CVE RECORD

CVE-2022-20359 - August 10, 2022

** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

In startSync of AbstractThreadedSyncAdapter.java

CVE-2022-20358 3.3 - Low - August 10, 2022

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608

Incorrect Default Permissions

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data

CVE-2022-20357 5.5 - Medium - August 10, 2022

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-214999987

Missing Initialization of Resource

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service

CVE-2022-20356 7.8 - High - August 10, 2022

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903

Improper Input Validation

In get of PacProxyService.java, there is a possible system service crash due to improper input validation

CVE-2022-20355 5.5 - Medium - August 10, 2022

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219498290

Improper Input Validation

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code

CVE-2022-20354 7.8 - High - August 10, 2022

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-219546241

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation

CVE-2022-20353 5.5 - Medium - August 10, 2022

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221041256

Improper Input Validation

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn

CVE-2022-20352 5.5 - Medium - August 10, 2022

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-222473855

Incorrect Default Permissions

In onCreate of NotificationAccessConfirmationActivity.java

CVE-2022-20350 5.5 - Medium - August 10, 2022

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228178437

Improper Input Validation

In WifiScanningPreferenceController and BluetoothScanningPreferenceController

CVE-2022-20349 7.8 - High - August 10, 2022

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315522

Incorrect Default Permissions

In updateState of LocationServicesWifiS

CVE-2022-20348 7.8 - High - August 10, 2022

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228315529

Incorrect Default Permissions

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy

CVE-2022-20347 8.8 - High - August 10, 2022

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20346 6.5 - Medium - August 10, 2022

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-230493653

Out-of-bounds Read

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20345 8.8 - High - August 10, 2022

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481

Memory Corruption

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition

CVE-2022-20344 7 - High - August 10, 2022

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-232541124

Race Condition

In Task.java, there is a possible escalation of privilege due to a confused deputy

CVE-2021-39696 7.8 - High - August 10, 2022

In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-185810717

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1

CVE-2022-33732 7.1 - High - August 05, 2022

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1

CVE-2022-33730 6.8 - Medium - August 05, 2022

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.

Memory Corruption

Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-33729 3.3 - Low - August 05, 2022

Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1

CVE-2022-33728 3.3 - Low - August 05, 2022

Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1

CVE-2022-33726 3.3 - Low - August 05, 2022

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1

CVE-2022-33725 3.3 - Low - August 05, 2022

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1

CVE-2022-33724 3.3 - Low - August 05, 2022

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.

Cleartext Transmission of Sensitive Information

A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1

CVE-2022-33721 5.5 - Medium - August 05, 2022

A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1

CVE-2022-33720 2.4 - Low - August 05, 2022

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.

Improper input validation in baseband prior to SMR Aug-2022 Release 1

CVE-2022-33719 9.8 - Critical - August 05, 2022

Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.

Integer Overflow or Wraparound

An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps

CVE-2022-33718 3.3 - Low - August 05, 2022

An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1

CVE-2022-33717 4.4 - Medium - August 05, 2022

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.

Out-of-bounds Read

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1

CVE-2022-33715 5.5 - Medium - August 05, 2022

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.

Directory traversal

Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1

CVE-2022-33714 3.3 - Low - August 05, 2022

Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1

CVE-2022-33723 6.1 - Medium - August 05, 2022

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.

Clickjacking

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1

CVE-2022-33727 6.1 - Medium - August 05, 2022

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.

Clickjacking

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1

CVE-2022-33716 4.4 - Medium - August 05, 2022

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.

Use of Uninitialized Resource

Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1

CVE-2022-33722 3.3 - Low - August 05, 2022

Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.

Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1

CVE-2022-33731 7.1 - High - August 05, 2022

Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation

CVE-2022-20230 5.5 - Medium - July 13, 2022

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221859869

Improper Input Validation

There is a unauthorized broadcast in the SprdContactsProvider

CVE-2022-20217 6.5 - Medium - July 13, 2022

There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378

AuthZ

In multiple functions of StorageManagerService.java and UserManagerService.java

CVE-2022-20219 5.5 - Medium - July 13, 2022

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613

Missing Encryption of Sensitive Data

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code

CVE-2022-20218 7.8 - High - July 13, 2022

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044

Improper Privilege Management

android exported is used to set third-party app access permissions, and the default value of intent-filter is true

CVE-2022-20216 9.8 - Critical - July 13, 2022

android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack

CVE-2022-20212 7.8 - High - July 13, 2022

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-182282630

Clickjacking

A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android So

CVE-2022-20236 7.5 - High - July 13, 2022

A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709

Buffer Overflow

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free

CVE-2022-20228 6.5 - Medium - July 13, 2022

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213850092

Dangling pointer

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20222 9.8 - Critical - July 13, 2022

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096

Memory Corruption

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation

CVE-2022-20221 6.5 - Medium - July 13, 2022

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133

Out-of-bounds Read

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and

CVE-2022-20238 9.8 - Critical - July 13, 2022

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555

Buffer Overflow

In Car Settings app, the NotificationAccessConfirmationActivity is exported

CVE-2022-20234 7.5 - High - July 13, 2022

In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app.Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information.Product: AndroidVersions: Android-12LAndroid ID: A-225189301

Incorrect Permission Assignment for Critical Resource

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2022-20229 9.8 - Critical - July 13, 2022

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224536184

Memory Corruption

In USB driver, there is a possible out of bounds read due to a heap buffer overflow

CVE-2022-20227 5.5 - Medium - July 13, 2022

In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216825460References: Upstream kernel

Out-of-bounds Read

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation

CVE-2022-20226 3.9 - Low - July 13, 2022

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870

Clickjacking

In getSubscriptionProperty of SubscriptionController.java

CVE-2022-20225 5.5 - Medium - July 13, 2022

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213457638

AuthZ

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check

CVE-2022-20224 7.5 - High - July 13, 2022

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220732646

Out-of-bounds Read

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java

CVE-2022-20223 7.8 - High - July 13, 2022

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534

Externally Controlled Reference to a Resource in Another Sphere

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error

CVE-2022-20220 7.8 - High - July 13, 2022

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-219015884

Directory traversal

Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1

CVE-2022-33690 3.3 - Low - July 12, 2022

Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.

Directory traversal

Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1

CVE-2022-33692 3.3 - Low - July 12, 2022

Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

Exposure of Resource to Wrong Sphere

Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1

CVE-2022-33696 3.3 - Low - July 12, 2022

Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

Exposure of Resource to Wrong Sphere

Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1

CVE-2022-33697 3.3 - Low - July 12, 2022

Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

Insertion of Sensitive Information into Log File

Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1

CVE-2022-33698 3.3 - Low - July 12, 2022

Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.

Exposure of Resource to Wrong Sphere

Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1

CVE-2022-33699 2.3 - Low - July 12, 2022

Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

Exposure of Resource to Wrong Sphere

Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1

CVE-2022-33700 2.3 - Low - July 12, 2022

Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

Exposure of Resource to Wrong Sphere

Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1

CVE-2022-33693 2.3 - Low - July 12, 2022

Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

Insertion of Sensitive Information into Log File

Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address

CVE-2022-30750 3.3 - Low - July 12, 2022

Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.

Exposure of Resource to Wrong Sphere

Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1

CVE-2022-33695 7.8 - High - July 12, 2022

Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.

Incorrect Permission Assignment for Critical Resource

Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1

CVE-2022-33694 3.3 - Low - July 12, 2022

Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.

Exposure of Resource to Wrong Sphere

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1

CVE-2022-33703 7.8 - High - July 12, 2022

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1

CVE-2022-33702 5.5 - Medium - July 12, 2022

Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.

AuthZ