Android Security Vulnerabilities

CVE-2022-39109

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

CVE-2022-39110

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

CVE-2022-39111

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

CVE-2022-39112

In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-39113

In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-39114

In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-39115

In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-39116

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39117

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2022-39118

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39119

In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed

CVE-2022-39120

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39121

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39122

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39123

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39124

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39125

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39126

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39127

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39128

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39129

In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39130

In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39131

In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.

CVE-2022-39132

In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39133

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

CVE-2022-39134

In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.

CVE-2022-39847

Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.

CVE-2022-39848

Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.

CVE-2022-39849

Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.

CVE-2022-39850

Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.

CVE-2022-39851

Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission.

CVE-2022-39852

A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.

CVE-2022-39853

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.

CVE-2022-39854

Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.

CVE-2022-39855

Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.

CVE-2022-39856

Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information.

CVE-2022-39879

Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.

CVE-2022-39880

Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.

CVE-2022-39882

Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code.

CVE-2022-39883

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API.

CVE-2022-39884

Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.

CVE-2022-39885

Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.

CVE-2022-39886

Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.

CVE-2022-39887

Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.

CVE-2022-39894

Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.

CVE-2022-39895

Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.

CVE-2022-39896

Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.

CVE-2022-39897

Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.

CVE-2022-39898

Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.

CVE-2022-39899

Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.