Google Android Mobile operating system
Recent Google Android Security Advisories
By the Year
In 2022 there have been 484 vulnerabilities in Google Android with an average score of 6.7 out of ten. Last year Android had 574 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Android in 2022 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.10.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 484 | 6.70 |
2021 | 574 | 6.60 |
2020 | 699 | 6.99 |
2019 | 491 | 7.11 |
2018 | 294 | 7.58 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Android Security Vulnerabilities
In Settings
CVE-2021-0734
5.5 - Medium
- August 11, 2022
In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-189122911
Exposure of Resource to Wrong Sphere
In PackageManager
CVE-2021-0735
5.5 - Medium
- August 11, 2022
In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-188913056
Incorrect Default Permissions
In USB Manager
CVE-2021-0975
5.5 - Medium
- August 11, 2022
In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-180104273
Exposure of Resource to Wrong Sphere
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free
CVE-2022-20158
6.7 - Medium
- August 11, 2022
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-182815710; References: Upstream kernel
Dangling pointer
In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check
CVE-2022-20180
7.8 - High
- August 11, 2022
In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-212804042; References: N/A
In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20237
9.8 - Critical
- August 11, 2022
In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-229621649; References: N/A
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation
CVE-2022-20241
3.3 - Low
- August 11, 2022
In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-217185011
Improper Input Validation
In Telephony
CVE-2022-20242
5.5 - Medium
- August 11, 2022
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-231986212
Side Channel Attack
In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free
CVE-2022-20372
6.7 - Medium
- August 11, 2022
In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-195480799; References: N/A
Dangling pointer
In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition
CVE-2022-20373
6.4 - Medium
- August 11, 2022
In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-208269510; References: N/A
Race Condition
On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto
CVE-2022-20374
7.8 - High
- August 11, 2022
On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-201078231; References: N/A
Inadequate Encryption Strength
In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20375
7.5 - High
- August 11, 2022
In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-180956894; References: N/A
Out-of-bounds Read
In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking
CVE-2022-20376
6.7 - Medium
- August 11, 2022
In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-216130110; References: N/A
Dangling pointer
In TBD of keymaster_ipc.cpp, there is a possible way to force gatekeeper, fingerprint, and faceauth to use a known HMAC key
CVE-2022-20377
6.7 - Medium
- August 11, 2022
In TBD of keymaster_ipc.cpp, there is a possible way to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-222339795; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-234657153; References: N/A
CVE-2022-20378
9.8 - Critical
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-234657153; References: N/A
In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free
CVE-2022-20379
6.7 - Medium
- August 11, 2022
In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-209436980; References: N/A
Dangling pointer
Product: Android; Versions: Android kernel; Android ID: A-212625740; References: N/A
CVE-2022-20380
7.5 - High
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-212625740; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-188935887; References: N/A
CVE-2022-20381
9.8 - Critical
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-188935887; References: N/A
In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow
CVE-2022-20382
6.7 - Medium
- August 11, 2022
In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-214245176; References: Upstream kernel
Memory Corruption
In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow
CVE-2022-20383
7.8 - High
- August 11, 2022
In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-222408847; References: N/A
Integer Overflow or Wraparound
Product: Android; Versions: Android kernel; Android ID: A-211727306; References: N/A
CVE-2022-20384
9.8 - Critical
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-211727306; References: N/A
In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20400
9.8 - Critical
- August 11, 2022
In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-225178325; References: N/A
Memory Corruption
In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check
CVE-2022-20401
7.5 - High
- August 11, 2022
In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-226446030; References: N/A
Out-of-bounds Read
Product: Android; Versions: Android kernel; Android ID: A-218701042; References: N/A
CVE-2022-20402
9.8 - Critical
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-218701042; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-207975764; References: N/A
CVE-2022-20403
9.8 - Critical
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-207975764; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-205714161; References: N/A
CVE-2022-20404
7.5 - High
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-205714161; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-216363416; References: N/A
CVE-2022-20405
9.8 - Critical
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-216363416; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-184676385; References: N/A
CVE-2022-20406
7.5 - High
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-184676385; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-210916981; References: N/A
CVE-2022-20407
7.5 - High
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-210916981; References: N/A
Product: Android; Versions: Android kernel; Android ID: A-204782372; References: N/A
CVE-2022-20408
7.5 - High
- August 11, 2022
Product: Android; Versions: Android kernel; Android ID: A-204782372; References: N/A
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and
CVE-2022-20239
9.8 - Critical
- August 10, 2022
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited. Product: Android; Versions: Android SoC; Android ID: A-233972091
Externally Controlled Reference to a Resource in Another Sphere
In btif_dm_auth_cmpl_evt of btif_dm.cc
CVE-2022-20361
9.8 - Critical
- August 10, 2022
In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-231161832
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check
CVE-2022-20360
7.8 - High
- August 10, 2022
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-228314987
Incorrect Default Permissions
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2022-20359
- August 10, 2022
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
In startSync of AbstractThreadedSyncAdapter.java
CVE-2022-20358
3.3 - Low
- August 10, 2022
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-203229608
Incorrect Default Permissions
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data
CVE-2022-20357
5.5 - Medium
- August 10, 2022
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-214999987
Missing Initialization of Resource
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service
CVE-2022-20356
7.8 - High
- August 10, 2022
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L; Android ID: A-215003903
Improper Input Validation
In get of PacProxyService.java, there is a possible system service crash due to improper input validation
CVE-2022-20355
5.5 - Medium
- August 10, 2022
In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-219498290
Improper Input Validation
In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code
CVE-2022-20354
7.8 - High
- August 10, 2022
In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L; Android ID: A-219546241
In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation
CVE-2022-20353
5.5 - Medium
- August 10, 2022
In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-221041256
Improper Input Validation
In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn
CVE-2022-20352
5.5 - Medium
- August 10, 2022
In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-222473855
Incorrect Default Permissions
In onCreate of NotificationAccessConfirmationActivity.java
CVE-2022-20350
5.5 - Medium
- August 10, 2022
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-228178437
Improper Input Validation
In WifiScanningPreferenceController and BluetoothScanningPreferenceController
CVE-2022-20349
7.8 - High
- August 10, 2022
In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-228315522
Incorrect Default Permissions
In updateState of LocationServicesWifiS
CVE-2022-20348
7.8 - High
- August 10, 2022
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-228315529
Incorrect Default Permissions
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy
CVE-2022-20347
8.8 - High
- August 10, 2022
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-228450811
In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-20346
6.5 - Medium
- August 10, 2022
In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-230493653
Out-of-bounds Read
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20345
8.8 - High
- August 10, 2022
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-230494481
Memory Corruption
In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition
CVE-2022-20344
7 - High
- August 10, 2022
In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-232541124
Race Condition
In Task.java, there is a possible escalation of privilege due to a confused deputy
CVE-2021-39696
7.8 - High
- August 10, 2022
In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-185810717
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1
CVE-2022-33732
7.1 - High
- August 05, 2022
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1
CVE-2022-33730
6.8 - Medium
- August 05, 2022
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.
Memory Corruption
Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-33729
3.3 - Low
- August 05, 2022
Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1
CVE-2022-33728
3.3 - Low
- August 05, 2022
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global.
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1
CVE-2022-33726
3.3 - Low
- August 05, 2022
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1
CVE-2022-33725
3.3 - Low
- August 05, 2022
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.
Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1
CVE-2022-33724
3.3 - Low
- August 05, 2022
Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.
Cleartext Transmission of Sensitive Information
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1
CVE-2022-33721
5.5 - Medium
- August 05, 2022
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1
CVE-2022-33720
2.4 - Low
- August 05, 2022
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
Improper input validation in baseband prior to SMR Aug-2022 Release 1
CVE-2022-33719
9.8 - Critical
- August 05, 2022
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.
Integer Overflow or Wraparound
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps
CVE-2022-33718
3.3 - Low
- August 05, 2022
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1
CVE-2022-33717
4.4 - Medium
- August 05, 2022
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.
Out-of-bounds Read
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1
CVE-2022-33715
5.5 - Medium
- August 05, 2022
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.
Directory traversal
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1
CVE-2022-33714
3.3 - Low
- August 05, 2022
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1
CVE-2022-33723
6.1 - Medium
- August 05, 2022
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
Clickjacking
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1
CVE-2022-33727
6.1 - Medium
- August 05, 2022
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
Clickjacking
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1
CVE-2022-33716
4.4 - Medium
- August 05, 2022
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
Use of Uninitialized Resource
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1
CVE-2022-33722
3.3 - Low
- August 05, 2022
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1
CVE-2022-33731
7.1 - High
- August 05, 2022
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation
CVE-2022-20230
5.5 - Medium
- July 13, 2022
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-221859869
Improper Input Validation
There is an unauthorized broadcast in the SprdContactsProvider
CVE-2022-20217
6.5 - Medium
- July 13, 2022
There is an unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact. Product: Android; Versions: Android SoC; Android ID: A-232441378
AuthZ
In multiple functions of StorageManagerService.java and UserManagerService.java
CVE-2022-20219
5.5 - Medium
- July 13, 2022
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-224585613
Missing Encryption of Sensitive Data
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code
CVE-2022-20218
7.8 - High
- July 13, 2022
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-223907044
Improper Privilege Management
android exported is used to set third-party app access permissions, and the default value of intent-filter is true
CVE-2022-20216
9.8 - Critical
- July 13, 2022
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true. Product: Android; Versions: Android SoC; Android ID: A-231911916
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack
CVE-2022-20212
7.8 - High
- July 13, 2022
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11; Android ID: A-182282630
Clickjacking
A drm driver has an oob problem, which could cause a system crash or EOP. Product: Android; Versions: Android So
CVE-2022-20236
7.5 - High
- July 13, 2022
A drm driver has an oob problem, which could cause a system crash or EOP. Product: Android; Versions: Android SoC; Android ID: A-233124709
Buffer Overflow
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free
CVE-2022-20228
6.5 - Medium
- July 13, 2022
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-213850092
Dangling pointer
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20222
9.8 - Critical
- July 13, 2022
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-228078096
Memory Corruption
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation
CVE-2022-20221
6.5 - Medium
- July 13, 2022
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-205571133
Out-of-bounds Read
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and
CVE-2022-20238
9.8 - Critical
- July 13, 2022
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited. Product: Android; Versions: Android SoC; Android ID: A-233154555
Buffer Overflow
In Car Settings app, the NotificationAccessConfirmationActivity is exported
CVE-2022-20234
7.5 - High
- July 13, 2022
In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user. An unprivileged app can use a malicious mComponentName with a benign pkgTitle (e.g. Settings app) to make users enable notification access permission for the malicious app. That is, users believe they enable the notification access permission for the Settings app, but actually they enable the notification access permission for the malicious app. Once the malicious app gets the notification access permission, it can read all notifications, including users' personal information. Product: Android; Versions: Android-12L; Android ID: A-225189301
Incorrect Permission Assignment for Critical Resource
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check
CVE-2022-20229
9.8 - Critical
- July 13, 2022
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-224536184
Memory Corruption
In USB driver, there is a possible out of bounds read due to a heap buffer overflow
CVE-2022-20227
5.5 - Medium
- July 13, 2022
In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-216825460; References: Upstream kernel
Out-of-bounds Read
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation
CVE-2022-20226
3.9 - Low
- July 13, 2022
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-213644870
Clickjacking
In getSubscriptionProperty of SubscriptionController.java
CVE-2022-20225
5.5 - Medium
- July 13, 2022
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-213457638
AuthZ
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check
CVE-2022-20224
7.5 - High
- July 13, 2022
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-220732646
Out-of-bounds Read
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java
CVE-2022-20223
7.8 - High
- July 13, 2022
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-223578534
Externally Controlled Reference to a Resource in Another Sphere
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error
CVE-2022-20220
7.8 - High
- July 13, 2022
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-219015884
Directory traversal
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1
CVE-2022-33690
3.3 - Low
- July 12, 2022
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
Directory traversal
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1
CVE-2022-33692
3.3 - Low
- July 12, 2022
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
Exposure of Resource to Wrong Sphere
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1
CVE-2022-33696
3.3 - Low
- July 12, 2022
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
Exposure of Resource to Wrong Sphere
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1
CVE-2022-33697
3.3 - Low
- July 12, 2022
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
Insertion of Sensitive Information into Log File
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1
CVE-2022-33698
3.3 - Low
- July 12, 2022
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
Exposure of Resource to Wrong Sphere
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1
CVE-2022-33699
2.3 - Low
- July 12, 2022
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
Exposure of Resource to Wrong Sphere
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1
CVE-2022-33700
2.3 - Low
- July 12, 2022
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
Exposure of Resource to Wrong Sphere
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1
CVE-2022-33693
2.3 - Low
- July 12, 2022
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
Insertion of Sensitive Information into Log File
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address
CVE-2022-30750
3.3 - Low
- July 12, 2022
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
Exposure of Resource to Wrong Sphere
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1
CVE-2022-33695
7.8 - High
- July 12, 2022
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
Incorrect Permission Assignment for Critical Resource
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1
CVE-2022-33694
3.3 - Low
- July 12, 2022
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
Exposure of Resource to Wrong Sphere
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1
CVE-2022-33703
7.8 - High
- July 12, 2022
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
Improper Input Validation
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1
CVE-2022-33702
5.5 - Medium
- July 12, 2022
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.
AuthZ
