Information disclosure

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Memory corruption

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...

Out-of-bounds

In avrcctrlparsvendorcmd of avrcparsct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Session fixation

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...

Code injection

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

Path traversal

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid...

Privilege escalation

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Input validation

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

Code injection

In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitle e.g. Settings app to make users enable...

Out-of-bounds

In ATSKIPREST of btahfclientat.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20234

CVE-2022-20234 affects Android 12L in the Car/AAOS context where the NotificationAccessConfirmationActivity is exported. An unprivileged app can supply a malicious component name while presenting a benign package title (e.g., Settings) to persuade users to grant notification access to the malicio...

CVE-2022-20230

CVE-2022-20230 affects Android 10–12 (including 12L). In KeyChain.java, choosePrivateKeyAlias, improper input validation may allow access to the user’s certificate, enabling local information disclosure. Exploitation requires user interaction and does not grant additional execution privileges. Th...

CVE-2022-20229

CVE-2022-20229 affects Android 10–12 (including 12L). The issue is an out-of-bounds write in bta_hf_client_at.cc (function: bta_hf_client_handle_cind_list_item) caused by a missing bounds check. This can enable remote code execution with Network access and no user interaction. CVSS v3 base score ...

CVE-2022-20228

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...

CVE-2022-20226

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12...

CVE-2022-20222

In readattrvalue of gattdb.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID...

CVE-2022-20220

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid...

CVE-2022-20219

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...

CVE-2022-20219

CVE-2022-20219 affects Android Framework due to a logic error in StorageManagerService.java and UserManagerService.java that can leave user directories unencrypted, causing local information disclosure without extra privileges or user interaction. The issue is documented for Android-10, Android-1...

CVE-2022-20218

CVE-2022-20218 affects Android 12/12L, with the PermissionController component vulnerable due to a logic error that can allow obtaining and retaining permissions without user consent. This yields local elevation of privilege and, per sources, requires user interaction to exploit. AOSP/Android Bul...