CVE-2022-42523

CVE-2022-42523 affects Android’s ril_service_1_6.cpp in the kernel’s RIL stack, with an out-of-bounds write caused by an incorrect bounds check in fillSetupDataCallInfo_V1_6. The vulnerability enables local escalation of privilege with System execution privileges required; exploitation reportedly...

CVE-2022-20585

CVE-2022-20585 affects the Android kernel component drm_access_control.c, specifically the function valid_out_of_special_sec_dram_addr. The issue is an elevation of privilege due to improper input validation, enabling local privilege escalation with no extra user interaction. Exploitation details...

CVE-2022-20605

CVE-2022-20605 affects the Android kernel component SAECOMM_Utility.c, specifically the SAECOMM_CopyBufferBytes function. The underlying issue is an incorrect bounds check that enables an out-of-bounds read, leading to potential remote information disclosure without requiring additional privilege...

CVE-2022-42513

In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-42512

In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

CVE-2022-42515

In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-42514

In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-42507

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20610

In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A...

CVE-2022-42505

In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

CVE-2022-20570

Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A...

PT-2022-14790 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to improper input validation in the page number of shared mem.c, which could lead to code execution in the secure world. This may result in local escalation of privilege without requiring...

CVE-2022-20602

Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A...

CVE-2022-20587

CVE-2022-20587 affects Android devices via an issue in the Android kernel, in drm_fw.c within the ppmp_validate_wsm function. The vulnerability arises from improper input validation, enabling local privilege escalation with no additional privileges and no user interaction required. The CVSS vecto...

PT-2022-26489 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a missing null check in the cd SsParseMsg function of cd SsCodec.c. This could lead to a crash, resulting in a remote denial of service. No additional execution privileges are needed for...

PT-2022-14811 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write due to a missing bounds check in the SetDecompContextDb function of RohcDeCompContextOfRbId.cpp. This could lead to remote code execution with System execution...

CVE-2022-20600

CVE-2022-20600 affects the Android kernel LWIS component. The issue is described as a memory corruption out-of-bounds write that could enable local privilege escalation to SYSTEM with no user interaction required. The available documents consistently note this as a local attack surface on Android...

CVE-2022-20606

The CVE-2022-20606 entry concerns SAEMM_MiningCodecTableWithMsgIE in SAEMM_RadioMessageCodec.c, where a missing bounds check can cause an out-of-bounds read. This could enable remote information disclosure with system privileges required. User interaction is not required. Connected sources confir...

PT-2022-14787 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a logic error in the Pixel camera driver code, which can lead to a use after free scenario. This could result in local escalation of privilege, requiring System execution privileges. No user...

CVE-2022-20581

In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...