1085 matches found

Prion, added 2022/07/13 7:15 p.m., 14 views

Out-of-bounds

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS: 3.3, AI score: 6.2, EPSS: 0.00084
Exploits: 0, References: 1, Affected Software: 1

Prion, added 2022/07/13 7:15 p.m., 9 views

Privilege escalation

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS: 7.2, AI score: 7.7, EPSS: 0.00026
Exploits: 0, References: 1, Affected Software: 1

Prion, added 2022/07/13 7:15 p.m., 16 views

Memory corruption

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00265
Exploits: 0, References: 1, Affected Software: 1

Prion, added 2022/07/13 7:15 p.m., 10 views

Input validation

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

CVSS: 1.9, AI score: 5.2, EPSS: 0.0001
Exploits: 0, References: 1, Affected Software: 1

Prion, added 2022/07/13 7:15 p.m., 11 views

Out-of-bounds

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS: 5, AI score: 7.1, EPSS: 0.01499
Exploits: 0, References: 1, Affected Software: 1

Prion, added 2022/07/13 7:15 p.m., 15 views

Out-of-bounds

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID...

CVSS: 10, AI score: 9.2, EPSS: 0.00873
Exploits: 0, References: 1, Affected Software: 1

CVE, added 2022/07/13 6:23 p.m., 167 views

CVE-2022-20230

CVE-2022-20230 affects Android 10–12 (including 12L). In KeyChain.java, choosePrivateKeyAlias, improper input validation may allow access to the user’s certificate, enabling local information disclosure. Exploitation requires user interaction and does not grant additional execution privileges. Th...

CVSS: 5.5, AI score: 5.1, EPSS: 0.0001
Exploits: 0, References: 1, Affected Software: 1

CVE, added 2022/07/13 6:23 p.m., 250 views

CVE-2022-20229

CVE-2022-20229 affects Android 10–12 (including 12L). The issue is an out-of-bounds write in bta_hf_client_at.cc (function: bta_hf_client_handle_cind_list_item) caused by a missing bounds check. This can enable remote code execution with Network access and no user interaction. CVSS v3 base score ...

CVSS: 10, AI score: 9.3, EPSS: 0.12488
Exploits: 0, References: 1, Affected Software: 1

Cvelist, added 2022/07/13 6:23 p.m., 14 views

CVE-2022-20228

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12...

AI score: 6.6, EPSS: 0.00265
Exploits: 0, References: 1

Cvelist, added 2022/07/13 6:23 p.m., 13 views

CVE-2022-20226

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12...

AI score: 4.9, EPSS: 0.00015
Exploits: 0, References: 1

Cvelist, added 2022/07/13 6:22 p.m., 9 views

CVE-2022-20222

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID...

AI score: 9.5, EPSS: 0.00873
Exploits: 0, References: 1

Cvelist, added 2022/07/13 6:22 p.m., 13 views

CVE-2022-20220

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android...

AI score: 8, EPSS: 0.00013
Exploits: 0, References: 1

Cvelist, added 2022/07/13 6:22 p.m., 12 views

CVE-2022-20219

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...

AI score: 5.4, EPSS: 0.00009
Exploits: 0, References: 1

CVE, added 2022/07/13 6:22 p.m., 177 views

CVE-2022-20219

CVE-2022-20219 affects Android Framework due to a logic error in StorageManagerService.java and UserManagerService.java that can leave user directories unencrypted, causing local information disclosure without extra privileges or user interaction. The issue is documented for Android-10, Android-1...

CVSS: 5.5, AI score: 5.1, EPSS: 0.00009
Exploits: 0, References: 1, Affected Software: 1

CVE, added 2022/07/13 6:21 p.m., 167 views

CVE-2022-20218

CVE-2022-20218 affects Android 12/12L, with the PermissionController component vulnerable due to a logic error that can allow obtaining and retaining permissions without user consent. This yields local elevation of privilege and, per sources, requires user interaction to exploit. AOSP/Android Bul...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00013
Exploits: 0, References: 1, Affected Software: 1

Cvelist, added 2022/07/13 6:21 p.m., 12 views

CVE-2022-20218

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

AI score: 7.9, EPSS: 0.00013
Exploits: 0, References: 1

CNNVD, added 2022/07/06 12:00 a.m., 3 views

Google Android link following vulnerability

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android that originates from a Unix symbolic link (symlink) in the sound driver and can be exploited by an attacker to gain access to local information. The following products...

CVSS: 6.7, AI score: 6.7, EPSS: 0.00015
Exploits: 0, References: 3

NVD, added 2022/06/15 2:15 p.m., 21 views

CVE-2022-20143

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-...

CVSS: 5.5, EPSS: 0.00015
Exploits: 0, References: 1

NVD, added 2022/06/15 2:15 p.m., 13 views

CVE-2022-20142

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS: 7.8, EPSS: 0.00013
Exploits: 0, References: 1

Prion, added 2022/06/15 2:15 p.m., 13 views

Design/Logic Flaw

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for an unprivileged app to send a MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS: 7.2, AI score: 7.6, EPSS: 0.00012
Exploits: 0, References: 1, Affected Software: 1