UBUNTU-CVE-2022-20369

In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid...

Out-of-bounds

In several functions of maligrallocreference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Out-of-bounds

In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Integer overflow

In constructtransaction of lwisioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Race condition

In st21nfclocsetpolaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-20158

In bdiput and bdiunregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

CVE-2022-20368

Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel...

UBUNTU-CVE-2022-20368

Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel...

CVE-2022-20406

CVE-2022-20406 is present in Pixel/Android kernel entries with Type ID (Information disclosure) affecting the Modem component. The connected Pixel bulletin confirms the CVE exists but provides no public exploit details or remediation in the provided documents. No additional technical specifics (v...

CVE-2022-20383

In AllocateInternalBuffers of g3aabufferallocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-20383

CVE-2022-20383 affects the Android kernel via AllocateInternalBuffers in g3aa_buffer_allocator.cc, where an integer overflow can cause an out-of-bounds write. This enables local privilege escalation with no extra user interaction required. Documents indicate the issue exists in the Android kernel...

CVE-2022-20379

In lwisbufferalloc of lwisbuffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-20378

Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A...

CVE-2022-20378

CVE-2022-20378 affects Android kernel and Pixel modem. The Pixel security bulletin lists it under the Kernel/Modem category as an Elevation of Privilege (EoP) issue with “Modem” as the component and indicates a high-severity impact, corroborated by NVD’s CVSS v3.1 base score of 9.8 (CRITICAL) wit...

CVE-2022-20376

In trustylogseqstart of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-20375

In LteRrcNrProAsnDecode of LteRrcNrCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

CVE-2022-20373

CVE-2022-20373 affects the Android kernel, specifically the st21nfc_loc_set_polaritymode function in fc/st21nfc.c. The issue is a use-after-free caused by a race condition, enabling local elevation of privilege with SYSTEM privileges required and no user interaction needed. Connected sources (Red...

CVE-2022-20372

In exynos5i2cirq of TBD, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-20372

In exynos5i2cirq of TBD, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-20371

Summary: CVE-2022-20371 affects the Android kernel, specifically the dm_bow_dtr path in dm-bow.c, due to a race-condition use-after-free. The vulnerability enables local escalation of privilege to System by exploiting a race condition, with no user interaction required. Documents consistently des...