Out-of-bounds

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-1...

Code injection

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Design/Logic Flaw

In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:...

Out-of-bounds

In fdtpathoffsetnamelen of fdtro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

Input validation

In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Out-of-bounds

In BNEPConnectResp of bnepapi.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Code injection

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2021-0934

Summary: CVE-2021-0934 is a DoS in Android: in the function findAllDeAccounts of AccountsDb.java, causing resource exhaustion and local denial of service without extra privileges or user interaction. Affected products/versions include Android 10–13. The vulnerability’s impact is DoS; no exploit d...

CVE-2022-20470

In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-20486

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20485

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20474

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2022-14689 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a possible out of bounds read in the SendIncDecRestoreCmdPart2 function of NxpMfcReader.cc due to a missing bounds check. This could lead to local information...

CVE-2022-20498

Technical details for CVE-2022-20498 are not provided in the connected documents. The initial description mentions an out-of-bounds read in fdt_ro.c causing local information disclosure, but lacks concrete product/version data or mitigations beyond the Android bulletin reference. Monitor for upda...

CVE-2022-20471

CVE-2022-20471 involves an out-of-bounds read in SendIncDecRestoreCmdPart2 of NxpMfcReader.cc due to a missing bounds check. This can lead to local information disclosure on affected Android versions (Android 11–13). The issue does not require user interaction and does not grant remote code execu...

CVE-2022-20478

CVE-2022-20478 affects the Android NotificationChannel implementation (NotificationChannel.java) with a likely resource-exhaustion related failure to persist permissions, enabling local elevation of privilege without extra execution privileges. Affected products/versions include Android-10 throug...

CVE-2022-20449

In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-20472

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-1...

CVE-2022-20491

CVE-2022-20491 affects Android devices via the NotificationChannel.java component. The issue is a resource exhaustion bug that can cause a failure to persist permission settings, enabling local elevation of privilege without user interaction. Affected: Android 10–13 (Android-10/11/12/12L/13). Imp...

CVE-2022-20479

CVE-2022-20479 affects Android’s NotificationChannel.java (NotificationChannel) and is categorized as an Elevation of Privilege (EoP) issue due to a resource exhaustion bug that can enable local privilege escalation without user interaction. Affected: Android-10 through Android-13; root cause is ...