Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2022-2234
Vulnerability from csaf_certbund
Published
2022-12-05 23:00
Modified
2023-04-10 22:00
Summary
Android Patchday Dezember 2022
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem von Google ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Android
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Das Android Betriebssystem von Google ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Android", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2234 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2234.json" }, { "category": "self", "summary": "WID-SEC-2022-2234 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2234" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:1801-1 vom 2023-04-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014437.html" }, { "category": "external", "summary": "Android Security BulletinDecember 2022 vom 2022-12-05", "url": "https://source.android.com/docs/security/bulletin/2022-12-01" }, { "category": "external", "summary": "Pixel Update BulletinDecember2022 vom 2022-12-05", "url": "https://source.android.com/docs/security/bulletin/pixel/2022-12-01" } ], "source_lang": "en-US", "title": "Android Patchday Dezember 2022", "tracking": { "current_release_date": "2023-04-10T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:05:10.560+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-2234", "initial_release_date": "2022-12-05T23:00:00.000+00:00", "revision_history": [ { "date": "2022-12-05T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-04-10T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Google Android 12L", "product": { "name": "Google Android 12L", "product_id": "1185256", "product_identification_helper": { "cpe": "cpe:/o:google:android:12l" } } }, { "category": "product_name", "name": "Google Android 11", "product": { "name": "Google Android 11", "product_id": "T017166", "product_identification_helper": { "cpe": "cpe:/o:google:android:11" } } }, { "category": "product_name", "name": "Google Android 10", "product": { "name": "Google Android 10", "product_id": "T019738", "product_identification_helper": { "cpe": "cpe:/o:google:android:10" } } }, { "category": "product_name", "name": "Google Android 12", "product": { "name": "Google Android 12", "product_id": "T020881", "product_identification_helper": { "cpe": "cpe:/o:google:android:12" } } }, { "category": "product_name", "name": "Google Android 13", "product": { "name": "Google Android 13", "product_id": "T024488", "product_identification_helper": { "cpe": "cpe:/o:google:android:13" } } } ], "category": "product_name", "name": "Android" } ], "category": "vendor", "name": "Google" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-0934", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2021-0934" }, { "cve": "CVE-2021-30348", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2021-30348" }, { "cve": "CVE-2021-39617", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2021-39617" }, { "cve": "CVE-2021-39660", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2021-39660" }, { "cve": "CVE-2021-39771", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2021-39771" }, { "cve": "CVE-2021-39795", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2021-39795" }, { "cve": "CVE-2022-0500", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-0500" }, { "cve": "CVE-2022-1116", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-1116" }, { "cve": "CVE-2022-1419", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-1419" }, { "cve": "CVE-2022-20124", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20124" }, { "cve": "CVE-2022-20144", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20144" }, { "cve": "CVE-2022-20199", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20199" }, { "cve": "CVE-2022-20240", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20240" }, { "cve": "CVE-2022-20411", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20411" }, { "cve": "CVE-2022-20442", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20442" }, { "cve": "CVE-2022-20444", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20444" }, { "cve": "CVE-2022-20449", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20449" }, { "cve": "CVE-2022-20466", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20466" }, { "cve": "CVE-2022-20468", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20468" }, { "cve": "CVE-2022-20469", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20469" }, { "cve": "CVE-2022-20470", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20470" }, { "cve": "CVE-2022-20471", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20471" }, { "cve": "CVE-2022-20472", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20472" }, { "cve": "CVE-2022-20473", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20473" }, { "cve": "CVE-2022-20474", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20474" }, { "cve": "CVE-2022-20475", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20475" }, { "cve": "CVE-2022-20476", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20476" }, { "cve": "CVE-2022-20477", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20477" }, { "cve": "CVE-2022-20478", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20478" }, { "cve": "CVE-2022-20479", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20479" }, { "cve": "CVE-2022-20480", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20480" }, { "cve": "CVE-2022-20482", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20482" }, { "cve": "CVE-2022-20483", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20483" }, { "cve": "CVE-2022-20484", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20484" }, { "cve": "CVE-2022-20485", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20485" }, { "cve": "CVE-2022-20486", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20486" }, { "cve": "CVE-2022-20487", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20487" }, { "cve": "CVE-2022-20488", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20488" }, { "cve": "CVE-2022-20491", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20491" }, { "cve": "CVE-2022-20495", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20495" }, { "cve": "CVE-2022-20496", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20496" }, { "cve": "CVE-2022-20497", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20497" }, { "cve": "CVE-2022-20498", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20498" }, { "cve": "CVE-2022-20499", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20499" }, { "cve": "CVE-2022-20500", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20500" }, { "cve": "CVE-2022-20501", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20501" }, { "cve": "CVE-2022-20502", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20502" }, { "cve": "CVE-2022-20503", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20503" }, { "cve": "CVE-2022-20504", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20504" }, { "cve": "CVE-2022-20505", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20505" }, { "cve": "CVE-2022-20506", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20506" }, { "cve": "CVE-2022-20507", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20507" }, { "cve": "CVE-2022-20508", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20508" }, { "cve": "CVE-2022-20509", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20509" }, { "cve": "CVE-2022-20510", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20510" }, { "cve": "CVE-2022-20511", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20511" }, { "cve": "CVE-2022-20512", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20512" }, { "cve": "CVE-2022-20513", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20513" }, { "cve": "CVE-2022-20514", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20514" }, { "cve": "CVE-2022-20515", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20515" }, { "cve": "CVE-2022-20516", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20516" }, { "cve": "CVE-2022-20517", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20517" }, { "cve": "CVE-2022-20518", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20518" }, { "cve": "CVE-2022-20519", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20519" }, { "cve": "CVE-2022-20520", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20520" }, { "cve": "CVE-2022-20521", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20521" }, { "cve": "CVE-2022-20522", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20522" }, { "cve": "CVE-2022-20523", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20523" }, { "cve": "CVE-2022-20524", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20524" }, { "cve": "CVE-2022-20525", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20525" }, { "cve": "CVE-2022-20526", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20526" }, { "cve": "CVE-2022-20527", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20527" }, { "cve": "CVE-2022-20528", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20528" }, { "cve": "CVE-2022-20529", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20529" }, { "cve": "CVE-2022-20530", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20530" }, { "cve": "CVE-2022-20531", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20531" }, { "cve": "CVE-2022-20533", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20533" }, { "cve": "CVE-2022-20535", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20535" }, { "cve": "CVE-2022-20536", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20536" }, { "cve": "CVE-2022-20537", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20537" }, { "cve": "CVE-2022-20538", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20538" }, { "cve": "CVE-2022-20539", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20539" }, { "cve": "CVE-2022-20540", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20540" }, { "cve": "CVE-2022-20541", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20541" }, { "cve": "CVE-2022-20543", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20543" }, { "cve": "CVE-2022-20544", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20544" }, { "cve": "CVE-2022-20545", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20545" }, { "cve": "CVE-2022-20546", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20546" }, { "cve": "CVE-2022-20547", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20547" }, { "cve": "CVE-2022-20548", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20548" }, { "cve": "CVE-2022-20549", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20549" }, { "cve": "CVE-2022-20550", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20550" }, { "cve": "CVE-2022-20552", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20552" }, { "cve": "CVE-2022-20553", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20553" }, { "cve": "CVE-2022-20554", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20554" }, { "cve": "CVE-2022-20555", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20555" }, { "cve": "CVE-2022-20556", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20556" }, { "cve": "CVE-2022-20557", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20557" }, { "cve": "CVE-2022-20558", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20558" }, { "cve": "CVE-2022-20559", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20559" }, { "cve": "CVE-2022-20560", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20560" }, { "cve": "CVE-2022-20561", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20561" }, { "cve": "CVE-2022-20562", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20562" }, { "cve": "CVE-2022-20563", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20563" }, { "cve": "CVE-2022-20564", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20564" }, { "cve": "CVE-2022-20565", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20565" }, { "cve": "CVE-2022-20566", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20566" }, { "cve": "CVE-2022-20567", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20567" }, { "cve": "CVE-2022-20568", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20568" }, { "cve": "CVE-2022-20569", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20569" }, { "cve": "CVE-2022-20570", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20570" }, { "cve": "CVE-2022-20571", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20571" }, { "cve": "CVE-2022-20572", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20572" }, { "cve": "CVE-2022-20573", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20573" }, { "cve": "CVE-2022-20574", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20574" }, { "cve": "CVE-2022-20575", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20575" }, { "cve": "CVE-2022-20576", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20576" }, { "cve": "CVE-2022-20577", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20577" }, { "cve": "CVE-2022-20578", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20578" }, { "cve": "CVE-2022-20579", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20579" }, { "cve": "CVE-2022-20580", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20580" }, { "cve": "CVE-2022-20581", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20581" }, { "cve": "CVE-2022-20582", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20582" }, { "cve": "CVE-2022-20583", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20583" }, { "cve": "CVE-2022-20584", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20584" }, { "cve": "CVE-2022-20585", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20585" }, { "cve": "CVE-2022-20586", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20586" }, { "cve": "CVE-2022-20587", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20587" }, { "cve": "CVE-2022-20588", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20588" }, { "cve": "CVE-2022-20589", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20589" }, { "cve": "CVE-2022-20590", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20590" }, { "cve": "CVE-2022-20591", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20591" }, { "cve": "CVE-2022-20592", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20592" }, { "cve": "CVE-2022-20593", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20593" }, { "cve": "CVE-2022-20594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20594" }, { "cve": "CVE-2022-20595", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20595" }, { "cve": "CVE-2022-20596", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20596" }, { "cve": "CVE-2022-20597", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20597" }, { "cve": "CVE-2022-20598", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20598" }, { "cve": "CVE-2022-20599", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20599" }, { "cve": "CVE-2022-20600", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20600" }, { "cve": "CVE-2022-20601", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20601" }, { "cve": "CVE-2022-20602", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20602" }, { "cve": "CVE-2022-20603", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20603" }, { "cve": "CVE-2022-20604", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20604" }, { "cve": "CVE-2022-20605", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20605" }, { "cve": "CVE-2022-20606", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20606" }, { "cve": "CVE-2022-20607", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20607" }, { "cve": "CVE-2022-20608", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20608" }, { "cve": "CVE-2022-20609", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20609" }, { "cve": "CVE-2022-20610", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20610" }, { "cve": "CVE-2022-20611", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-20611" }, { "cve": "CVE-2022-23960", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-23960" }, { "cve": "CVE-2022-25672", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25672" }, { "cve": "CVE-2022-25673", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25673" }, { "cve": "CVE-2022-25675", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25675" }, { "cve": "CVE-2022-25677", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25677" }, { "cve": "CVE-2022-25681", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25681" }, { "cve": "CVE-2022-25682", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25682" }, { "cve": "CVE-2022-25685", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25685" }, { "cve": "CVE-2022-25689", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25689" }, { "cve": "CVE-2022-25691", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25691" }, { "cve": "CVE-2022-25692", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25692" }, { "cve": "CVE-2022-25695", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25695" }, { "cve": "CVE-2022-25697", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25697" }, { "cve": "CVE-2022-25698", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25698" }, { "cve": "CVE-2022-25702", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-25702" }, { "cve": "CVE-2022-28390", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-28390" }, { "cve": "CVE-2022-30594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-30594" }, { "cve": "CVE-2022-32594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-32594" }, { "cve": "CVE-2022-32596", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-32596" }, { "cve": "CVE-2022-32597", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-32597" }, { "cve": "CVE-2022-32598", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-32598" }, { "cve": "CVE-2022-32619", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-32619" }, { "cve": "CVE-2022-32620", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-32620" }, { "cve": "CVE-2022-33235", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-33235" }, { "cve": "CVE-2022-33238", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-33238" }, { "cve": "CVE-2022-33268", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-33268" }, { "cve": "CVE-2022-34494", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-34494" }, { "cve": "CVE-2022-34495", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-34495" }, { "cve": "CVE-2022-39106", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-39106" }, { "cve": "CVE-2022-39129", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-39129" }, { "cve": "CVE-2022-39130", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-39130" }, { "cve": "CVE-2022-39131", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-39131" }, { "cve": "CVE-2022-39132", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-39132" }, { "cve": "CVE-2022-39133", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-39133" }, { "cve": "CVE-2022-39134", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-39134" }, { "cve": "CVE-2022-42501", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42501" }, { "cve": "CVE-2022-42502", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42502" }, { "cve": "CVE-2022-42503", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42503" }, { "cve": "CVE-2022-42504", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42504" }, { "cve": "CVE-2022-42505", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42505" }, { "cve": "CVE-2022-42506", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42506" }, { "cve": "CVE-2022-42507", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42507" }, { "cve": "CVE-2022-42508", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42508" }, { "cve": "CVE-2022-42509", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42509" }, { "cve": "CVE-2022-42510", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42510" }, { "cve": "CVE-2022-42511", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42511" }, { "cve": "CVE-2022-42512", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42512" }, { "cve": "CVE-2022-42513", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42513" }, { "cve": "CVE-2022-42514", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42514" }, { "cve": "CVE-2022-42515", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42515" }, { "cve": "CVE-2022-42516", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42516" }, { "cve": "CVE-2022-42517", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42517" }, { "cve": "CVE-2022-42518", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42518" }, { "cve": "CVE-2022-42519", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42519" }, { "cve": "CVE-2022-42520", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42520" }, { "cve": "CVE-2022-42521", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42521" }, { "cve": "CVE-2022-42522", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42522" }, { "cve": "CVE-2022-42523", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42523" }, { "cve": "CVE-2022-42524", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42524" }, { "cve": "CVE-2022-42525", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42525" }, { "cve": "CVE-2022-42526", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42526" }, { "cve": "CVE-2022-42527", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42527" }, { "cve": "CVE-2022-42529", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42529" }, { "cve": "CVE-2022-42530", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42530" }, { "cve": "CVE-2022-42531", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42531" }, { "cve": "CVE-2022-42532", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42532" }, { "cve": "CVE-2022-42534", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42534" }, { "cve": "CVE-2022-42535", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42535" }, { "cve": "CVE-2022-42542", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42542" }, { "cve": "CVE-2022-42754", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42754" }, { "cve": "CVE-2022-42755", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42755" }, { "cve": "CVE-2022-42756", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42756" }, { "cve": "CVE-2022-42770", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42770" }, { "cve": "CVE-2022-42771", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42771" }, { "cve": "CVE-2022-42772", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Google Android. Die Fehler bestehen in den Komponenten Framework, Media Framework, System, Google Play System Updates, Kernel, Imagination Technologies, MediaTek, Unisoc, Qualcomm, Qualcomm closed-source und Pixel. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T002207", "T019738", "1185256", "T024488", "T020881", "T017166" ] }, "release_date": "2022-12-05T23:00:00Z", "title": "CVE-2022-42772" } ] }
cve-2021-39660
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-04 02:13
Severity ?
EPSS score ?
Summary
In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:13:37.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android SoC" } ] } ], "descriptions": [ { "lang": "en", "value": "In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2021-39660", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:13:37.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20535
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.718Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20535", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20483
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20483", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20503
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20503", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20536
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20536", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20549
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20549", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20579
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20579", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20568
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20568", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20488
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20488", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20519
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20519", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20583
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20583", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42754
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-42754", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:10:41.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42527
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42527", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42511
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762712References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.004Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762712References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42511", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25675
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile |
Version: AQT1000 Version: QCA6310 Version: QCA6320 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6430 Version: QCM6490 Version: QCS6490 Version: QCX315 Version: SD480 Version: SD690 5G Version: SD695 Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD835 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 5G Version: SDX55 Version: SDX55M Version: SDX65 Version: SM7250P Version: SM7325P Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Reachable Assertion in Data Modem", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25675", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33268
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Version: APQ8009 Version: APQ8017 Version: AR8031 Version: CSRA6620 Version: CSRA6640 Version: MDM9206 Version: MDM9250 Version: MDM9607 Version: MDM9628 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6426 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595AU Version: QCA6696 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCC5100 Version: QCN9011 Version: QCN9012 Version: QCN9074 Version: QCS405 Version: QCS410 Version: QCS605 Version: QCS610 Version: QRB5165 Version: QRB5165M Version: QRB5165N Version: Qualcomm215 Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SD 8 Gen1 5G Version: SD205 Version: SD210 Version: SD429 Version: SD660 Version: SD835 Version: SD845 Version: SD865 5G Version: SD870 Version: SDM429W Version: SDX24 Version: SDX55 Version: SDX55M Version: SDXR1 Version: SDXR2 5G Version: SW5100 Version: SW5100P Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3998 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Bluetooth HOST", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33268", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-06-14T00:00:00", "dateUpdated": "2024-08-03T08:01:20.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42755
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8023 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8023", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "cwe-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-42755", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:10:41.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20587
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20587", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20411
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-232023771
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-232023771" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20411", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20563
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20563", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39132
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-39132", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42505
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232492References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232492References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42505", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:40.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20605
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20605", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20199
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:02
Severity ?
EPSS score ?
Summary
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:02:30.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20199", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:02:30.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20539
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20539", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20499
Vulnerability from cvelistv5
Published
2023-03-24 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246539931
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-03-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246539931" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-03-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20499", "datePublished": "2023-03-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20509
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20509", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20610
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20610", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20560
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.861Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20560", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39106
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-39106", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20556
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20556", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42501
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42501", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42524
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243401445References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243401445References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42524", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20508
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20508", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42529
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42529", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20514
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20514", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42503
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231983References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231983References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42503", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42513
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763204References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763204References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42513", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.275Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25691
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Mobile |
Version: AR8035 Version: QCA8081 Version: QCA8337 Version: QCN6024 Version: QCN9024 Version: SD 8 Gen1 5G Version: SD480 Version: SD695 Version: SDX65 Version: SM4375 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3988 Version: WCN3998 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Reachable Assertion in MODEM", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25691", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20525
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.708Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20525", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42535
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42535", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20449
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20449", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20564
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243798789References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.894Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243798789References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20564", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42526
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509880References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509880References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42526", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20512
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20512", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42512
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763050References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763050References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42512", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.186Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42525
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509750References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509750References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42525", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20546
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20546", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25677
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Version: APQ8096AU Version: AQT1000 Version: AR9380 Version: CSR8811 Version: IPQ4018 Version: IPQ4019 Version: IPQ4028 Version: IPQ4029 Version: IPQ5010 Version: IPQ5018 Version: IPQ5028 Version: IPQ6000 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8064 Version: IPQ8065 Version: IPQ8068 Version: IPQ8070 Version: IPQ8070A Version: IPQ8071A Version: IPQ8072A Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9008 Version: IPQ9574 Version: MDM9150 Version: MDM9650 Version: MSM8996AU Version: PMP8074 Version: QCA4024 Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6426 Version: QCA6430 Version: QCA6436 Version: QCA6564 Version: QCA6564A Version: QCA6564AU Version: QCA6574A Version: QCA6574AU Version: QCA6595 Version: QCA6595AU Version: QCA7500 Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA8337 Version: QCA9880 Version: QCA9886 Version: QCA9888 Version: QCA9889 Version: QCA9898 Version: QCA9980 Version: QCA9984 Version: QCA9985 Version: QCA9990 Version: QCA9992 Version: QCA9994 Version: QCN5021 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN9000 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: QCS410 Version: QCS610 Version: QCS8155 Version: QSM8250 Version: Qualcomm215 Version: SA515M Version: SA6145P Version: SA6155P Version: SA8155P Version: SD 675 Version: SD205 Version: SD210 Version: SD429 Version: SD675 Version: SD678 Version: SD720G Version: SD730 Version: SD835 Version: SD845 Version: SD855 Version: SD865 5G Version: SD870 Version: SDA429W Version: SDM429W Version: SDX50M Version: SDX55 Version: SDX55M Version: SDXR2 5G Version: SM6250 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCN3610 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN6850 Version: WCN6851 Version: WSA8810 Version: WSA8815 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4019" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA7500" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9880" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS8155" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Use After Free in DIAG", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25677", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34494
Vulnerability from cvelistv5
Published
2022-06-26 15:28
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/1680939e9ecf7764fba8689cfb3429c2fe2bb23c | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/1680939e9ecf7764fba8689cfb3429c2fe2bb23c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-26T15:28:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/1680939e9ecf7764fba8689cfb3429c2fe2bb23c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-34494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/1680939e9ecf7764fba8689cfb3429c2fe2bb23c", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/1680939e9ecf7764fba8689cfb3429c2fe2bb23c" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-34494", "datePublished": "2022-06-26T15:28:19", "dateReserved": "2022-06-26T00:00:00", "dateUpdated": "2024-08-03T09:15:15.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20582
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20582", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42523
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376893References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376893References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42523", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20569
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20569", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39130
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-39130", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20597
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20597", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20562
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.880Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20562", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20485
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702935
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702935" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20485", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20520
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20520", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39795
Vulnerability from cvelistv5
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Pulled from Android ASB#2022-04 publication (https://source.android.com/security/bulletin/2022-04-01) due to a functional regression. We will re-release this CVE at a future date, in a future publication that is currently TB
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2022-06-07T19:37:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "rejectedReasons": [ { "lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Pulled from Android ASB#2022-04 publication (https://source.android.com/security/bulletin/2022-04-01) due to a functional regression. We will re-release this CVE at a future date, in a future publication that is currently TB" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2021-39795", "datePublished": "2022-04-12T16:11:40", "dateRejected": "2022-06-07T19:37:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2022-06-07T19:37:00", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }
cve-2022-20574
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20574", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20475
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting=\"true\" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20475", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20522
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20522", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20602
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20602", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20484
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20484", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20510
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20510", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20511
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20511", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25681
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
Version: AQT1000 Version: AR8035 Version: QAM8295P Version: QCA6174A Version: QCA6310 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCA9377 Version: QCM6490 Version: QCN9011 Version: QCN9012 Version: QCS603 Version: QCS605 Version: QCS6490 Version: QRB5165 Version: QRB5165M Version: QRB5165N Version: QSM8350 Version: SA6145P Version: SA6155 Version: SA6155P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8295P Version: SA8540P Version: SA9000P Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD 8cx Gen2 Version: SD 8cx Gen3 Version: SD670 Version: SD675 Version: SD678 Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDX24 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX57M Version: SDX65 Version: SDXR2 5G Version: SM7250P Version: SM7315 Version: SM7325P Version: WCD9326 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3950 Version: WCN3980 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SA8540P" }, { "status": "affected", "version": "SA9000P" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control in KERNEL", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25681", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20516
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.727Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20516", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25697
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Mobile, Snapdragon Wearables |
Version: SD 8 Gen1 5G Version: SD429 Version: SDA429W Version: SDM429W Version: WCD9380 Version: WCN3610 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3980 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.667Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Mobile, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Input Validation in i2c Buses", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25697", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:49:42.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20487
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703202
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703202" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20487", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20600
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20600", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25695
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Version: APQ8009 Version: APQ8009W Version: APQ8017 Version: APQ8037 Version: APQ8052 Version: APQ8056 Version: APQ8076 Version: APQ8096AU Version: AQT1000 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: FSM10055 Version: MDM8207 Version: MDM9150 Version: MDM9205 Version: MDM9206 Version: MDM9207 Version: MDM9230 Version: MDM9250 Version: MDM9330 Version: MDM9607 Version: MDM9628 Version: MDM9630 Version: MDM9640 Version: MDM9650 Version: MSM8108 Version: MSM8208 Version: MSM8209 Version: MSM8608 Version: MSM8909W Version: MSM8917 Version: MSM8920 Version: MSM8937 Version: MSM8940 Version: MSM8952 Version: MSM8956 Version: MSM8976 Version: MSM8976SG Version: MSM8996AU Version: QCA4004 Version: QCA6174 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584 Version: QCA6584AU Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCA9379 Version: QCC5100 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS603 Version: QCS605 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCX315 Version: QET4101 Version: QSW8573 Version: Qualcomm215 Version: SA415M Version: SA515M Version: SC8180X+SDX55 Version: SD 455 Version: SD 636 Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8cx Gen2 Version: SD205 Version: SD210 Version: SD429 Version: SD439 Version: SD450 Version: SD460 Version: SD480 Version: SD625 Version: SD626 Version: SD632 Version: SD660 Version: SD662 Version: SD665 Version: SD670 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD710 Version: SD712 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD820 Version: SD821 Version: SD835 Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDA429W Version: SDM429W Version: SDM630 Version: SDW2500 Version: SDX12 Version: SDX20 Version: SDX24 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX57M Version: SDX65 Version: SDXR1 Version: SDXR2 5G Version: SM4375 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: SW5100 Version: SW5100P Version: WCD9306 Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8009W" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8037" }, { "status": "affected", "version": "APQ8052" }, { "status": "affected", "version": "APQ8056" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "FSM10055" }, { "status": "affected", "version": "MDM8207" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "MDM9205" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9207" }, { "status": "affected", "version": "MDM9230" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9330" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9630" }, { "status": "affected", "version": "MDM9640" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8909W" }, { "status": "affected", "version": "MSM8917" }, { "status": "affected", "version": "MSM8920" }, { "status": "affected", "version": "MSM8937" }, { "status": "affected", "version": "MSM8940" }, { "status": "affected", "version": "MSM8952" }, { "status": "affected", "version": "MSM8956" }, { "status": "affected", "version": "MSM8976" }, { "status": "affected", "version": "MSM8976SG" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QCA4004" }, { "status": "affected", "version": "QCA6174" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QET4101" }, { "status": "affected", "version": "QSW8573" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 636" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD450" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD632" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD712" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD821" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDM630" }, { "status": "affected", "version": "SDW2500" }, { "status": "affected", "version": "SDX12" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "WCD9306" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Validation of Array Index in MODEM", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25695", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:49:42.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20538
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20538", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32598
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.547Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0, 12.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-05T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32598", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.547Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20526
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20526", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20577
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20577", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42507
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42507", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20477
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20477", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20553
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20553", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20470
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20470", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20609
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239240808References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:53.011Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239240808References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20609", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:53.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20572
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20572", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20585
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20585", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25672
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Mobile |
Version: AR8035 Version: QCA8081 Version: QCA8337 Version: QCN6024 Version: QCN9024 Version: SD 8 Gen1 5G Version: SD480 Version: SD695 Version: SDX65 Version: SM4375 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3988 Version: WCN3998 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Reachable Assertion in MODEM", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25672", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42506
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388399References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388399References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42506", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42510
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762656References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762656References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42510", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20513
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20513", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20554
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20554", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20567
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20567", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25685
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
Version: APQ8009 Version: APQ8017 Version: APQ8037 Version: AQT1000 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: MSM8108 Version: MSM8208 Version: MSM8209 Version: MSM8608 Version: MSM8917 Version: MSM8937 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6390 Version: QCA6391 Version: QCA6421 Version: QCA6426 Version: QCA6431 Version: QCA6436 Version: QCA6574A Version: QCA6574AU Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCC5100 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCX315 Version: SA515M Version: SD 675 Version: SD 8 Gen1 5G Version: SD205 Version: SD210 Version: SD429 Version: SD439 Version: SD460 Version: SD480 Version: SD662 Version: SD665 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD820 Version: SD821 Version: SD835 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDA429W Version: SDM429W Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX57M Version: SDX65 Version: SDXR2 5G Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: SW5100 Version: SW5100P Version: WCD9326 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8037" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8917" }, { "status": "affected", "version": "MSM8937" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD821" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Authentication in Modem", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25685", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42756
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Classic Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-42756", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:10:41.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20240
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:02
Severity ?
EPSS score ?
Summary
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:02:31.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12 Android-12L" } ] } ], "descriptions": [ { "lang": "en", "value": "In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20240", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:02:31.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20590
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20590", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20473
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20473", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20531
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-12-03 14:36
Severity ?
EPSS score ?
Summary
In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20531", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-19T20:34:33.603734Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T14:36:32.654Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:05.843Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20531", "datePublished": "2023-10-30T16:18:54.199Z", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-12-03T14:36:32.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20507
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20507", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20442
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level \u003c 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20442", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20530
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20530", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32620
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MediaTek, Inc. | MT6781, MT6789, MT6833, MT6853, MT6873, MT6877, MT8781, MT8791 |
Version: Android 11.0, 12.0, 13.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:45.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6781, MT6789, MT6833, MT6853, MT6873, MT6877, MT8781, MT8791", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 11.0, 12.0, 13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-05T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32620", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:45.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42515
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763503References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763503References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42515", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39133
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8022 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8022", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "cwe-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-39133", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20547
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20547", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20543
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20543", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20593
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20593", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20596
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20596", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25698
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Mobile, Snapdragon Wearables |
Version: SD 8 Gen1 5G Version: SD429 Version: SDA429W Version: SDM429W Version: WCD9380 Version: WCN3610 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3980 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.667Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Mobile, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Input Validation in SPI Buses", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25698", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:49:42.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20571
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20571", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39129
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-39129", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20533
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:53.007Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20533", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:53.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42504
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.993Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42504", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:40.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-30348
Vulnerability from cvelistv5
Published
2022-01-03 07:26
Modified
2024-08-03 22:32
Severity ?
EPSS score ?
Summary
Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
References
▼ | URL | Tags |
---|---|---|
https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
Version: APQ8009, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9379, QCA9886, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340, WCD9341, W ...[truncated*] |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:32:41.122Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9379, QCA9886, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340, WCD9341, W ...[truncated*]" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled Resource Consumption in Bluetooth", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-03T07:26:12", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin" } ], "x_ConverterErrors": { "version_name": { "error": "version_name too long. Use array of versions to record more than one version.", "message": "Truncated!" } }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2021-30348", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music", "version": { "version_data": [ { "version_value": "APQ8009, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9379, QCA9886, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835" } ] } } ] }, "vendor_name": "Qualcomm, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music" } ] }, "impact": { "cvss": { "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Uncontrolled Resource Consumption in Bluetooth" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin" } ] } } } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2021-30348", "datePublished": "2022-01-03T07:26:12", "dateReserved": "2021-04-07T00:00:00", "dateUpdated": "2024-08-03T22:32:41.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42517
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763682References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763682References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42517", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42516
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763577References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763577References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42516", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42521
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42521", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20500
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20500", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42514
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42514", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20557
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20557", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42534
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42534", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28390
Vulnerability from cvelistv5
Published
2022-04-03 20:07
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2022/dsa-5127 | vendor-advisory, x_refsource_DEBIAN | |
https://security.netapp.com/advisory/ntap-20220513-0001/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5173 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:15.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646" }, { "name": "FEDORA-2022-af492757d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/" }, { "name": "FEDORA-2022-5cd9d787dc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/" }, { "name": "FEDORA-2022-91633399ff", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/" }, { "name": "DSA-5127", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5127" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220513-0001/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-04T10:11:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646" }, { "name": "FEDORA-2022-af492757d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/" }, { "name": "FEDORA-2022-5cd9d787dc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/" }, { "name": "FEDORA-2022-91633399ff", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/" }, { "name": "DSA-5127", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5127" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220513-0001/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646" }, { "name": "FEDORA-2022-af492757d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/" }, { "name": "FEDORA-2022-5cd9d787dc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/" }, { "name": "FEDORA-2022-91633399ff", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/" }, { "name": "DSA-5127", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5127" }, { "name": "https://security.netapp.com/advisory/ntap-20220513-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220513-0001/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28390", "datePublished": "2022-04-03T20:07:21", "dateReserved": "2022-04-03T00:00:00", "dateUpdated": "2024-08-03T05:56:15.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20595
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700137References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700137References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20595", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20548
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20548", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20541
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20541", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20588
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20588", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39134
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-39134", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1419
Vulnerability from cvelistv5
Published
2022-05-31 17:59
Modified
2024-08-03 00:03
Severity ?
EPSS score ?
Summary
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2077560 | x_refsource_MISC | |
https://www.debian.org/security/2022/dsa-5173 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:06.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077560" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 5.x" } ] } ], "descriptions": [ { "lang": "en", "value": "The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-04T10:11:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077560" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_value": "kernel 5.x" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2077560", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077560" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1419", "datePublished": "2022-05-31T17:59:18", "dateReserved": "2022-04-20T00:00:00", "dateUpdated": "2024-08-03T00:03:06.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20518
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20518", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20592
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20592", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42502
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42502", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20561
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20561", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20544
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20544", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.618Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20575
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20575", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20586
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20586", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20559
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20559", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32596
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MediaTek, Inc. | MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0, 12.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446213; Issue ID: ALPS07446213." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-05T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32596", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42542
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42542", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42771
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8020 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:03.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8020", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a race condition, This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "cwe-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-42771", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:19:03.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20517
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20517", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30594
Vulnerability from cvelistv5
Published
2022-05-12 00:00
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2 | ||
https://bugs.chromium.org/p/project-zero/issues/detail?id=2276 | ||
https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3 | ||
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3 | ||
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html | ||
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | mailing-list | |
https://www.debian.org/security/2022/dsa-5173 | vendor-advisory | |
https://security.netapp.com/advisory/ntap-20220707-0001/ | ||
http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220707-0001/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2" }, { "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276" }, { "url": "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3" }, { "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "url": "https://security.netapp.com/advisory/ntap-20220707-0001/" }, { "url": "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30594", "datePublished": "2022-05-12T00:00:00", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20506
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20506", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20482
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:51.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20482", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:51.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20555
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20555", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42530
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42530", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42519
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42519", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-0934
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 15:55
Severity ?
EPSS score ?
Summary
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:55:18.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2021-0934", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2020-11-06T00:00:00", "dateUpdated": "2024-08-03T15:55:18.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1116
Vulnerability from cvelistv5
Published
2022-05-17 16:50
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
References
▼ | URL | Tags |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.4.189&id=1a623d361ffe5cecd4244a02f449528416360038 | x_refsource_MISC | |
https://kernel.dance/#1a623d361ffe5cecd4244a02f449528416360038 | x_refsource_MISC | |
http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220629-0004/ | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:23.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.4.189\u0026id=1a623d361ffe5cecd4244a02f449528416360038" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://kernel.dance/#1a623d361ffe5cecd4244a02f449528416360038" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220629-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.4.189", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "5.4.24", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Bing-Jhong Billy Jheng \u003cbilly@starlabs.sg\u003e" } ], "descriptions": [ { "lang": "en", "value": "Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-29T18:06:37", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.4.189\u0026id=1a623d361ffe5cecd4244a02f449528416360038" }, { "tags": [ "x_refsource_MISC" ], "url": "https://kernel.dance/#1a623d361ffe5cecd4244a02f449528416360038" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220629-0004/" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2022-1116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "5.4.189" }, { "version_affected": "\u003e=", "version_value": "5.4.24" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Bing-Jhong Billy Jheng \u003cbilly@starlabs.sg\u003e" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.4.189\u0026id=1a623d361ffe5cecd4244a02f449528416360038", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.4.189\u0026id=1a623d361ffe5cecd4244a02f449528416360038" }, { "name": "https://kernel.dance/#1a623d361ffe5cecd4244a02f449528416360038", "refsource": "MISC", "url": "https://kernel.dance/#1a623d361ffe5cecd4244a02f449528416360038" }, { "name": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220629-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220629-0004/" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-1116", "datePublished": "2022-05-17T16:50:11", "dateReserved": "2022-03-28T00:00:00", "dateUpdated": "2024-08-02T23:55:23.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20550
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20550", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39771
Vulnerability from cvelistv5
Published
2022-03-30 16:02
Modified
2024-08-04 02:13
Severity ?
EPSS score ?
Summary
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951
References
▼ | URL | Tags |
---|---|---|
https://source.android.com/security/bulletin/android-12l | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:13:38.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://source.android.com/security/bulletin/android-12l" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12L" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-30T16:02:36", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://source.android.com/security/bulletin/android-12l" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2021-39771", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android-12L" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.android.com/security/bulletin/android-12l", "refsource": "MISC", "url": "https://source.android.com/security/bulletin/android-12l" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2021-39771", "datePublished": "2022-03-30T16:02:36", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:13:38.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42509
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42509", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20495
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20495", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25692
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
Version: AR8035 Version: QCA6390 Version: QCA6391 Version: QCA6574A Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS6490 Version: QCX315 Version: SA515M Version: SD 8 Gen1 5G Version: SD429 Version: SD480 Version: SD690 5G Version: SD695 Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD865 5G Version: SD870 Version: SD888 5G Version: SDA429W Version: SDM429W Version: SDX55 Version: SDX55M Version: SDX57M Version: SDX65 Version: SM4375 Version: SM7250P Version: SM7325P Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3980 Version: WCN3988 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Reachable Assertion in MODEM", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25692", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20601
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20601", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20479
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764340
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764340" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20479", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42772
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8021 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:04.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8021", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "cwe-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-42772", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:19:04.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25682
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Version: APQ8009 Version: APQ8009W Version: APQ8017 Version: APQ8037 Version: APQ8052 Version: APQ8056 Version: APQ8076 Version: APQ8096AU Version: AQT1000 Version: AR6003 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: MDM8207 Version: MDM8215 Version: MDM8215M Version: MDM8615M Version: MDM9150 Version: MDM9205 Version: MDM9206 Version: MDM9207 Version: MDM9215 Version: MDM9230 Version: MDM9250 Version: MDM9310 Version: MDM9330 Version: MDM9607 Version: MDM9615 Version: MDM9615M Version: MDM9628 Version: MDM9630 Version: MDM9640 Version: MDM9650 Version: MDM9655 Version: MSM8108 Version: MSM8208 Version: MSM8209 Version: MSM8608 Version: MSM8909W Version: MSM8917 Version: MSM8920 Version: MSM8937 Version: MSM8940 Version: MSM8952 Version: MSM8956 Version: MSM8976 Version: MSM8976SG Version: MSM8996AU Version: QCA4004 Version: QCA6174 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584 Version: QCA6584AU Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCC5100 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS603 Version: QCS605 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCX315 Version: QET4101 Version: QSW8573 Version: Qualcomm215 Version: SA415M Version: SA515M Version: SC8180X+SDX55 Version: SD 455 Version: SD 636 Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8cx Gen2 Version: SD205 Version: SD210 Version: SD429 Version: SD439 Version: SD450 Version: SD460 Version: SD480 Version: SD625 Version: SD626 Version: SD632 Version: SD660 Version: SD662 Version: SD665 Version: SD670 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD710 Version: SD712 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD820 Version: SD821 Version: SD835 Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDA429W Version: SDM429W Version: SDM630 Version: SDW2500 Version: SDX12 Version: SDX20 Version: SDX24 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX57M Version: SDX65 Version: SDXR1 Version: SDXR2 5G Version: SM4375 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: SW5100 Version: SW5100P Version: WCD9306 Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8009W" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8037" }, { "status": "affected", "version": "APQ8052" }, { "status": "affected", "version": "APQ8056" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR6003" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "MDM8207" }, { "status": "affected", "version": "MDM8215" }, { "status": "affected", "version": "MDM8215M" }, { "status": "affected", "version": "MDM8615M" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "MDM9205" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9207" }, { "status": "affected", "version": "MDM9215" }, { "status": "affected", "version": "MDM9230" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9310" }, { "status": "affected", "version": "MDM9330" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9615" }, { "status": "affected", "version": "MDM9615M" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9630" }, { "status": "affected", "version": "MDM9640" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MDM9655" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8909W" }, { "status": "affected", "version": "MSM8917" }, { "status": "affected", "version": "MSM8920" }, { "status": "affected", "version": "MSM8937" }, { "status": "affected", "version": "MSM8940" }, { "status": "affected", "version": "MSM8952" }, { "status": "affected", "version": "MSM8956" }, { "status": "affected", "version": "MSM8976" }, { "status": "affected", "version": "MSM8976SG" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QCA4004" }, { "status": "affected", "version": "QCA6174" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QET4101" }, { "status": "affected", "version": "QSW8573" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 636" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD450" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD632" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD712" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD821" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDM630" }, { "status": "affected", "version": "SDW2500" }, { "status": "affected", "version": "SDX12" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "WCD9306" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Use of Out-of-range Pointer Offset in MODEM", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25682", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42522
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130038References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130038References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42522", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.306Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20515
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20515", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32594
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MediaTek, Inc. | MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0, 12.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-05T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32594", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20528
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20528", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20476
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L" } ] } ], "descriptions": [ { "lang": "en", "value": "In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20476", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25673
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Mobile |
Version: AR8035 Version: QCA8081 Version: QCA8337 Version: QCN6024 Version: QCN9024 Version: SD 8 Gen1 5G Version: SDX65 Version: WCD9380 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Reachable Assertion in MODEM", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25673", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39617
Vulnerability from cvelistv5
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2023-03-03T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "rejectedReasons": [ { "lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2021-39617", "dateRejected": "2023-03-03T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2023-03-03T00:00:00", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }
cve-2022-20523
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20523", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20581
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20581", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42508
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388966References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388966References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42508", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20472
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.869Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20472", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20474
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20474", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20591
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20591", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20537
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20537", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20504
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20504", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20599
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332706References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332706References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20599", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20598
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20598", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20611
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20611", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20144
Vulnerability from cvelistv5
Published
2022-06-15 00:00
Modified
2024-08-03 02:02
Severity ?
EPSS score ?
Summary
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-250637906
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:02:31.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/aaos/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-250637906" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/aaos/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20144", "datePublished": "2022-06-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:02:31.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42520
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42520", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20502
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20502", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20498
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246465319
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246465319" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20498", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20486
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703118
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:51.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703118" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20486", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:51.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20584
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20584", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20527
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20527", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20496
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.639Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20496", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20558
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.894Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20558", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20566
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20566", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20606
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20606", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33238
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Version: APQ8009 Version: APQ8017 Version: APQ8064AU Version: APQ8076 Version: APQ8096AU Version: AQT1000 Version: AR8031 Version: AR8035 Version: AR9380 Version: CSR8811 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: IPQ4018 Version: IPQ4019 Version: IPQ4028 Version: IPQ4029 Version: IPQ5010 Version: IPQ5018 Version: IPQ5028 Version: IPQ6000 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8064 Version: IPQ8065 Version: IPQ8068 Version: IPQ8069 Version: IPQ8070 Version: IPQ8070A Version: IPQ8071 Version: IPQ8071A Version: IPQ8072 Version: IPQ8072A Version: IPQ8074 Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9008 Version: IPQ9574 Version: MDM8215 Version: MDM9206 Version: MDM9215 Version: MDM9250 Version: MDM9310 Version: MDM9607 Version: MDM9615 Version: MDM9628 Version: MDM9640 Version: MDM9645 Version: MDM9650 Version: MSM8976 Version: MSM8996AU Version: PMP8074 Version: QAM8295P Version: QCA0000 Version: QCA1023 Version: QCA1062 Version: QCA1064 Version: QCA2062 Version: QCA2064 Version: QCA2065 Version: QCA2066 Version: QCA4020 Version: QCA4024 Version: QCA4531 Version: QCA6174 Version: QCA6174A Version: QCA6175A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6428 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6438 Version: QCA6554A Version: QCA6564 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584 Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA7500 Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA8082 Version: QCA8084 Version: QCA8085 Version: QCA8337 Version: QCA8386 Version: QCA9367 Version: QCA9369 Version: QCA9377 Version: QCA9379 Version: QCA9880 Version: QCA9886 Version: QCA9888 Version: QCA9889 Version: QCA9898 Version: QCA9980 Version: QCA9984 Version: QCA9985 Version: QCA9987 Version: QCA9990 Version: QCA9992 Version: QCA9994 Version: QCC5100 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN5021 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5064 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN5550 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN7605 Version: QCN7606 Version: QCN9000 Version: QCN9001 Version: QCN9002 Version: QCN9003 Version: QCN9011 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS603 Version: QCS605 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCX315 Version: QRB5165 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: QSM8350 Version: SA4150P Version: SA4155P Version: SA415M Version: SA515M Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8295P Version: SC8180X+SDX55 Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD 8cx Gen2 Version: SD 8cx Gen3 Version: SD460 Version: SD480 Version: SD660 Version: SD662 Version: SD665 Version: SD670 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD710 Version: SD712 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD820 Version: SD821 Version: SD835 Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDX12 Version: SDX20 Version: SDX20M Version: SDX24 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX65 Version: SDXR1 Version: SDXR2 5G Version: SM4125 Version: SM4375 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: SW5100 Version: SW5100P Version: SXR2150P Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3660B Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN3999 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8064AU" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4019" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8069" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "MDM8215" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9215" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9310" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9615" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9640" }, { "status": "affected", "version": "MDM9645" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8976" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA0000" }, { "status": "affected", "version": "QCA1023" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA4531" }, { "status": "affected", "version": "QCA6174" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6175A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6428" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6438" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA7500" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9369" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCA9880" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9987" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5064" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN5550" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN7605" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA4155P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD712" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD821" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX12" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX20M" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN3999" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition in WLAN", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33238", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-06-14T00:00:00", "dateUpdated": "2024-08-03T08:01:20.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20497
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20497", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32619
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MediaTek, Inc. | MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 10.0, 11.0, 12.0, 13.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0, 12.0, 13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-05T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32619", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33235
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Version: APQ8009 Version: APQ8096AU Version: AQT1000 Version: AR8031 Version: AR8035 Version: AR9380 Version: CSR8811 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: IPQ4018 Version: IPQ4028 Version: IPQ4029 Version: IPQ5010 Version: IPQ5018 Version: IPQ5028 Version: IPQ6000 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8064 Version: IPQ8069 Version: IPQ8070 Version: IPQ8070A Version: IPQ8071 Version: IPQ8071A Version: IPQ8072 Version: IPQ8072A Version: IPQ8074 Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9008 Version: IPQ9574 Version: MDM9640 Version: MSM8996AU Version: PMP8074 Version: QAM8295P Version: QCA1062 Version: QCA1064 Version: QCA2062 Version: QCA2064 Version: QCA2065 Version: QCA2066 Version: QCA4020 Version: QCA4024 Version: QCA6174A Version: QCA6310 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6428 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6438 Version: QCA6554A Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA8082 Version: QCA8084 Version: QCA8085 Version: QCA8337 Version: QCA8386 Version: QCA9367 Version: QCA9377 Version: QCA9379 Version: QCA9888 Version: QCA9889 Version: QCA9898 Version: QCA9980 Version: QCA9984 Version: QCA9990 Version: QCA9992 Version: QCA9994 Version: QCC5100 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN5021 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN7605 Version: QCN7606 Version: QCN9000 Version: QCN9001 Version: QCN9002 Version: QCN9003 Version: QCN9011 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS603 Version: QCS605 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCX315 Version: QRB5165 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: QSM8350 Version: SA4150P Version: SA415M Version: SA515M Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8295P Version: SC8180X+SDX55 Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD 8cx Gen2 Version: SD 8cx Gen3 Version: SD460 Version: SD480 Version: SD660 Version: SD662 Version: SD665 Version: SD670 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD710 Version: SD712 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD820 Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDX20 Version: SDX20M Version: SDX24 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX65 Version: SDXR1 Version: SDXR2 5G Version: SM4125 Version: SM4375 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: SW5100 Version: SW5100P Version: SXR2150P Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3660B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN3999 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8069" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "MDM9640" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6428" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6438" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN7605" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD712" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX20M" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN3999" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in WLAN firmware", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33235", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-06-14T00:00:00", "dateUpdated": "2024-08-03T08:01:20.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20580
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.908Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20580", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25689
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:42
Severity ?
EPSS score ?
Summary
Denial of service in Modem due to reachable assertion in Snapdragon Mobile
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Mobile |
Version: AR8035 Version: QCA8081 Version: QCA8337 Version: QCN6024 Version: QCN9024 Version: SDX65 Version: WCD9380 Version: WCN6855 Version: WCN6856 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:42:50.658Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in Modem due to reachable assertion in Snapdragon Mobile" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Reachable Assertion in MODEM", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25689", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:42:50.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20478
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20478", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20524
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20524", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23960
Vulnerability from cvelistv5
Published
2022-03-12 23:57
Modified
2024-08-03 03:59
Severity ?
EPSS score ?
Summary
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
References
▼ | URL | Tags |
---|---|---|
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability | x_refsource_CONFIRM | |
https://developer.arm.com/support/arm-security-updates | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/03/18/2 | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5173 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:59:23.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.arm.com/support/arm-security-updates" }, { "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-04T10:10:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "tags": [ "x_refsource_MISC" ], "url": "https://developer.arm.com/support/arm-security-updates" }, { "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-23960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "https://developer.arm.com/support/arm-security-updates", "refsource": "MISC", "url": "https://developer.arm.com/support/arm-security-updates" }, { "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23960", "datePublished": "2022-03-12T23:57:21", "dateReserved": "2022-01-26T00:00:00", "dateUpdated": "2024-08-03T03:59:23.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25702
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
Version: APQ8009 Version: APQ8017 Version: APQ8037 Version: AQT1000 Version: AR8035 Version: FSM10055 Version: MSM8108 Version: MSM8208 Version: MSM8209 Version: MSM8608 Version: MSM8917 Version: MSM8937 Version: QCA6390 Version: QCA6391 Version: QCA6421 Version: QCA6426 Version: QCA6431 Version: QCA6436 Version: QCA8081 Version: QCA8337 Version: QCN6024 Version: QCN9024 Version: QCX315 Version: SA515M Version: SD 8 Gen1 5G Version: SD205 Version: SD210 Version: SD429 Version: SD439 Version: SD480 Version: SD690 5G Version: SD695 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD780G Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SDA429W Version: SDM429W Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX65 Version: SDXR2 5G Version: SM4375 Version: SM7250P Version: SM7315 Version: WCD9326 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660B Version: WCN3680B Version: WCN3980 Version: WCN3988 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8037" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "FSM10055" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8917" }, { "status": "affected", "version": "MSM8937" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Reachable Assertion in Modem", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin" } ] } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25702", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:49:42.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20604
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20604", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42770
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8019 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:04.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8019", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a race condition, This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "cwe-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-42770", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:19:04.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20540
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20540", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20607
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20607", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20608
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20608", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32597
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | MediaTek, Inc. | MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0, 12.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-05T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/December-2022" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32597", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20468
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20468", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20491
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20491", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20552
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.811Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20552", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20570
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20570", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20578
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20578", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42518
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42518", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0500
Vulnerability from cvelistv5
Published
2022-03-25 18:03
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2044578 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220519-0001/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220519-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.17-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel\u2019s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-19T19:06:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220519-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0500", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_value": "Linux kernel 5.17-rc1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel\u2019s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044578" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4807322660d4290ac9062c034aed6b87243861" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=48946bd6a5d695c50b34546864b79c1f910a33c1" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c25b2ae136039ffa820c26138ed4a5e5f3ab3841" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf9f2f8d62eca810afbd1ee6cc0800202b000e57" }, { "name": "https://security.netapp.com/advisory/ntap-20220519-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220519-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0500", "datePublished": "2022-03-25T18:03:03", "dateReserved": "2022-02-04T00:00:00", "dateUpdated": "2024-08-02T23:32:46.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20545
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20545", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20444
Vulnerability from cvelistv5
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2023-03-06T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "rejectedReasons": [ { "lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20444", "dateRejected": "2023-03-06T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2023-03-06T00:00:00", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }
cve-2022-42531
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42531", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20124
Vulnerability from cvelistv5
Published
2022-06-15 00:00
Modified
2024-08-03 02:02
Severity ?
EPSS score ?
Summary
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-170646036
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:02:30.843Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-170646036" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20124", "datePublished": "2022-06-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:02:30.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42532
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-42532", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-10-07T00:00:00", "dateUpdated": "2024-08-03T13:10:41.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20469
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230867224
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230867224" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20469", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20594
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239567689References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.880Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239567689References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20594", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20576
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20576", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20589
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20589", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20529
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20529", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20480
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20480", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20471
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238177877
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238177877" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20471", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20521
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20521", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39131
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 11:10
Severity ?
EPSS score ?
Summary
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1599588060988411006" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-39131", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-01T00:00:00", "dateUpdated": "2024-08-03T11:10:32.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34495
Vulnerability from cvelistv5
Published
2022-06-26 15:28
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:15:15.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-26T15:28:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-34495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4" }, { "name": "https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-34495", "datePublished": "2022-06-26T15:28:07", "dateReserved": "2022-06-26T00:00:00", "dateUpdated": "2024-08-03T09:15:15.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20466
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user\u0027s password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20466", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20603
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219265339References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219265339References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20603", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20505
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:51.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20505", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:51.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20501
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20501", "datePublished": "2022-12-13T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.