Code injection
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Code injection
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Code injection
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Input validation
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
Design/Logic Flaw
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11...
Type confusion
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Information disclosure
Logs of sensitive information (PII or hardware identifiers) should only be printed in Android "userdebug" or "eng" builds. StatusBarNotification.getKey could contain sensitive information. However, CarNotificationListener.java prints out the StatusBarNotification.getKey directly in logs, whic...
CVE-2022-20458
CVE-2022-20458 affects Android (Android-12L). The vulnerability is an information disclosure in logs: StatusBarNotification.getKey() may print sensitive data (PII or hardware identifiers) via CarNotificationListener.java in Android "user" builds, exposing user account names. Affected component ap...
CVE-2022-20490
CVE-2022-20490 affects Android devices via the file AutomaticZenRule.java, with a vulnerability caused by resource exhaustion that can cause a failure to persist permissions settings. The impact is a local escalation of privilege, requiring local access with no additional execution privileges and...
CVE-2022-20492
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-20493
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10...
CVE-2022-20456
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2023-20908
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11...
CVE-2022-20458
Logs of sensitive information (PII or hardware identifiers) should only be printed in Android "userdebug" or "eng" builds. StatusBarNotification.getKey could contain sensitive information. However, CarNotificationListener.java prints out the StatusBarNotification.getKey directly in logs, whic...
CVE-2022-20489
Summary: CVE-2022-20489 describes an elevation-of-privilege issue in Android related to AutomaticZenRule.java, allowing local escalation without extra execution privileges and no user interaction. Affected software: Android devices (Android-10 to Android-13) as listed in the CVE entry and Android...
CVE-2022-20456
CVE-2022-20456: In AutomaticZenRule.java, there is a vulnerability due to a failure to persist permissions settings caused by resource exhaustion, which could lead to local elevation of privilege with no additional execution privileges needed. Affected: Android 10–13 (Android-10, Android-11, And...
CVE-2022-20494
The CVE-2022-20494 issue affects Android (Android 10–13) and involves the AutomaticZenRule component (AutomaticZenRule.java). The described vulnerability is a possible persistent DoS caused by resource exhaustion, enabling a local denial of service with no user interaction required. Impact is lim...
CVE-2022-20493
CVE-2022-20493 affects Android 10–13 (Android-10 to Android-13) via Condition.java, where improper input validation could grant notification access and cause local elevation of privilege. Exploitation requires user interaction; no additional execution privileges are needed. Patch references point...
CVE-2023-20915
CVE-2023-20915 concerns a logic error in PhoneAccountRegistrar.java (Android framework) that can allow enabling a phone account without user interaction. The issue enables local escalation of privilege with no additional execution privileges, impacting Android 10–13 per the CVE record. The proble...
CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...