Action not permitted
Modal body text goes here.
wid-sec-w-2023-0018
Vulnerability from csaf_certbund
Published
2023-01-03 23:00
Modified
2023-01-03 23:00
Summary
Android Patchday Januar 2023
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem von Google ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erhöhen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen und um einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Android
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Das Android Betriebssystem von Google ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erh\u00f6hen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen und um einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Android", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0018 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0018.json" }, { "category": "self", "summary": "WID-SEC-2023-0018 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0018" }, { "category": "external", "summary": "Samsung Security Updates vom 2023-01-03", "url": "https://security.samsungmobile.com/securityUpdate.smsb" }, { "category": "external", "summary": "Pixel Update Bulletin January 2023 vom 2023-01-03", "url": "https://source.android.com/docs/security/bulletin/pixel/2023-01-01" }, { "category": "external", "summary": "Android Security Bulletin January 2023 vom 2023-01-03", "url": "https://source.android.com/docs/security/bulletin/2023-01-01" } ], "source_lang": "en-US", "title": "Android Patchday Januar 2023", "tracking": { "current_release_date": "2023-01-03T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:08:25.993+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0018", "initial_release_date": "2023-01-03T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-03T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Google Android 12L", "product": { "name": "Google Android 12L", "product_id": "1185256", "product_identification_helper": { "cpe": "cpe:/o:google:android:12l" } } }, { "category": "product_name", "name": "Google Android 10", "product": { "name": "Google Android 10", "product_id": "T019174", "product_identification_helper": { "cpe": "cpe:/o:google:android:10" } } }, { "category": "product_name", "name": "Google Android 11", "product": { "name": "Google Android 11", "product_id": "T019739", "product_identification_helper": { "cpe": "cpe:/o:google:android:11" } } }, { "category": "product_name", "name": "Google Android 12", "product": { "name": "Google Android 12", "product_id": "T020881", "product_identification_helper": { "cpe": "cpe:/o:google:android:12" } } }, { "category": "product_name", "name": "Google Android 13", "product": { "name": "Google Android 13", "product_id": "T024488", "product_identification_helper": { "cpe": "cpe:/o:google:android:13" } } } ], "category": "product_name", "name": "Android" } ], "category": "vendor", "name": "Google" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-20928", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20928" }, { "cve": "CVE-2023-20925", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20925" }, { "cve": "CVE-2023-20924", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20924" }, { "cve": "CVE-2023-20923", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20923" }, { "cve": "CVE-2023-20922", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20922" }, { "cve": "CVE-2023-20921", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20921" }, { "cve": "CVE-2023-20920", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20920" }, { "cve": "CVE-2023-20919", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20919" }, { "cve": "CVE-2023-20918", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20918" }, { "cve": "CVE-2023-20916", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20916" }, { "cve": "CVE-2023-20915", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20915" }, { "cve": "CVE-2023-20913", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20913" }, { "cve": "CVE-2023-20912", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20912" }, { "cve": "CVE-2023-20908", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20908" }, { "cve": "CVE-2023-20905", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20905" }, { "cve": "CVE-2023-20904", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2023-20904" }, { "cve": "CVE-2022-44438", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44438" }, { "cve": "CVE-2022-44437", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44437" }, { "cve": "CVE-2022-44436", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44436" }, { "cve": "CVE-2022-44435", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44435" }, { "cve": "CVE-2022-44434", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44434" }, { "cve": "CVE-2022-44432", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44432" }, { "cve": "CVE-2022-44431", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44431" }, { "cve": "CVE-2022-44430", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44430" }, { "cve": "CVE-2022-44429", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44429" }, { "cve": "CVE-2022-44428", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44428" }, { "cve": "CVE-2022-44427", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44427" }, { "cve": "CVE-2022-44426", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44426" }, { "cve": "CVE-2022-44425", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-44425" }, { "cve": "CVE-2022-42721", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-42721" }, { "cve": "CVE-2022-42720", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-42720" }, { "cve": "CVE-2022-42719", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-42719" }, { "cve": "CVE-2022-41674", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-41674" }, { "cve": "CVE-2022-33286", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33286" }, { "cve": "CVE-2022-33285", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33285" }, { "cve": "CVE-2022-33284", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33284" }, { "cve": "CVE-2022-33283", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33283" }, { "cve": "CVE-2022-33276", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33276" }, { "cve": "CVE-2022-33274", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33274" }, { "cve": "CVE-2022-33266", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33266" }, { "cve": "CVE-2022-33255", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33255" }, { "cve": "CVE-2022-33253", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33253" }, { "cve": "CVE-2022-33252", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-33252" }, { "cve": "CVE-2022-32637", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-32637" }, { "cve": "CVE-2022-32636", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-32636" }, { "cve": "CVE-2022-32635", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-32635" }, { "cve": "CVE-2022-2959", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-2959" }, { "cve": "CVE-2022-25746", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-25746" }, { "cve": "CVE-2022-25725", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-25725" }, { "cve": "CVE-2022-25722", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-25722" }, { "cve": "CVE-2022-25721", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-25721" }, { "cve": "CVE-2022-25717", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-25717" }, { "cve": "CVE-2022-25715", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-25715" }, { "cve": "CVE-2022-23960", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-23960" }, { "cve": "CVE-2022-22088", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-22088" }, { "cve": "CVE-2022-22079", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-22079" }, { "cve": "CVE-2022-20494", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20494" }, { "cve": "CVE-2022-20493", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20493" }, { "cve": "CVE-2022-20492", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20492" }, { "cve": "CVE-2022-20490", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20490" }, { "cve": "CVE-2022-20489", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20489" }, { "cve": "CVE-2022-20461", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20461" }, { "cve": "CVE-2022-20456", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20456" }, { "cve": "CVE-2022-20235", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2022-20235" }, { "cve": "CVE-2021-35134", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2021-35134" }, { "cve": "CVE-2021-35113", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2021-35113" }, { "cve": "CVE-2021-35097", "notes": [ { "category": "description", "text": "In Google Android existieren mehrere Schwachstellen in den Komponenten Framework, System, Google Play und Kernel. Ein Angreifer kann dadurch Code ausf\u00fchren, seine Privilegien erweitern, vertrauliche Informationen offenlegen und einen Denial of Service Zustand herbeif\u00fchren. Weiterhin bestehen mehrere nicht n\u00e4her beschriebene Schwachstellen, die ein Angreifer mit unbekannten Auswirkungen ausnutzen kann. Dies betrifft in Android genutzte Komponenten der Hersteller Imagination Technologies, MediaTek, Unisoc und Qualcomm. Zur Ausnutzung dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer b\u00f6sartig gestalteten App erforderlich." } ], "product_status": { "known_affected": [ "T019739", "1185256", "T019174", "T024488", "T020881" ] }, "release_date": "2023-01-03T23:00:00Z", "title": "CVE-2021-35097" } ] }
cve-2022-20490
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:51.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20490", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:51.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20920
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20920", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32635
Vulnerability from cvelistv5
Published
2023-01-03 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/January-2023" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6580, MT6735, MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6891, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0, 12.0, 13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-03T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2023" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32635", "datePublished": "2023-01-03T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25721
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Incorrect Type Conversion in Video driver
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS8155" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in video driver due to type confusion error during video playback" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Incorrect Type Conversion in Video driver" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25721", "datePublished": "2023-01-06T05:02:08.324Z", "dateReserved": "2022-02-22T11:38:09.300Z", "dateUpdated": "2024-08-03T04:49:42.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33276
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer copy without checking size of input in Modem
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer copy without checking size of input in Modem" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33276", "datePublished": "2023-01-06T05:02:24.356Z", "dateReserved": "2022-06-14T10:44:39.600Z", "dateUpdated": "2024-08-03T08:01:20.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44430
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "cwe-122 Heap Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44430", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44426
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "cwe-190 Integer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44426", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44436
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44436", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20489
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703460" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20489", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35113
Vulnerability from cvelistv5
Published
2022-09-02 11:30
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
References
▼ | URL | Tags |
---|---|---|
https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:33:51.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000, CSRB31024, QCA6174A, QCA6310, QCA6335, QCA6420, QCA6430, QCA6564AU, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCS410, QCS610, SA415M, SD 675, SD429, SD675, SD678, SD720G, SD730, SD7c, SD845, SD850, SD855, SDM429W, SDX24, SDX50M, SDX55, SDX55M, SM6250, SM6250P, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WSA8810, WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cryptographic Issues in Key Provisioning", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-02T11:30:58", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2021-35113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", "version": { "version_data": [ { "version_value": "AQT1000, CSRB31024, QCA6174A, QCA6310, QCA6335, QCA6420, QCA6430, QCA6564AU, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCS410, QCS610, SA415M, SD 675, SD429, SD675, SD678, SD720G, SD730, SD7c, SD845, SD850, SD855, SDM429W, SDX24, SDX50M, SDX55, SDX55M, SM6250, SM6250P, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WSA8810, WSA8815" } ] } } ] }, "vendor_name": "Qualcomm, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables" } ] }, "impact": { "cvss": { "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cryptographic Issues in Key Provisioning" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ] } } } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2021-35113", "datePublished": "2022-09-02T11:30:58", "dateReserved": "2021-06-21T00:00:00", "dateUpdated": "2024-08-04T00:33:51.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20493
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20493", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20492
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:51.838Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242704043" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20492", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:51.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33255
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer over-read in Bluetooth HOST
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer over-read in Bluetooth HOST" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33255", "datePublished": "2023-01-06T05:02:18.976Z", "dateReserved": "2022-06-14T10:44:39.589Z", "dateUpdated": "2024-08-03T08:01:20.521Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44438
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44438", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25725
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Use-after-Free in MODEM
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Industrial IOT", "Snapdragon Mobile" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service in MODEM due to improper pointer handling" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Use-after-Free in MODEM" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25725", "datePublished": "2023-01-06T05:02:11.067Z", "dateReserved": "2022-02-22T11:38:09.302Z", "dateUpdated": "2024-08-03T04:49:42.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44432
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "cwe-190 Integer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44432", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20912
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20912", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20921
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20921", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20923
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20923", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20235
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:02
Severity ?
EPSS score ?
Summary
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:02:31.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android SoC" } ] } ], "descriptions": [ { "lang": "en", "value": "The PowerVR GPU kernel driver maintains an \"Information Page\" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20235", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:02:31.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20908
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20908", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23960
Vulnerability from cvelistv5
Published
2022-03-12 23:57
Modified
2024-08-03 03:59
Severity ?
EPSS score ?
Summary
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
References
▼ | URL | Tags |
---|---|---|
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability | x_refsource_CONFIRM | |
https://developer.arm.com/support/arm-security-updates | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/03/18/2 | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5173 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:59:23.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://developer.arm.com/support/arm-security-updates" }, { "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-04T10:10:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "tags": [ "x_refsource_MISC" ], "url": "https://developer.arm.com/support/arm-security-updates" }, { "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-23960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "name": "https://developer.arm.com/support/arm-security-updates", "refsource": "MISC", "url": "https://developer.arm.com/support/arm-security-updates" }, { "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23960", "datePublished": "2022-03-12T23:57:21", "dateReserved": "2022-01-26T00:00:00", "dateUpdated": "2024-08-03T03:59:23.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2959
Vulnerability from cvelistv5
Published
2022-08-25 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1165/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230214-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 5.19" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition was found in the Linux kernel\u0027s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1165/" }, { "url": "https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a" }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2959", "datePublished": "2022-08-25T00:00:00", "dateReserved": "2022-08-23T00:00:00", "dateUpdated": "2024-08-03T00:53:00.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33283
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer over-read in WLAN
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer over-read in WLAN" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33283", "datePublished": "2023-01-06T05:02:25.629Z", "dateReserved": "2022-06-14T10:44:39.602Z", "dateUpdated": "2024-08-03T08:01:20.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44428
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "cwe-122 Heap Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44428", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20913
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20913", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33252
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer over-read in WLAN
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer over-read in WLAN" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33252", "datePublished": "2023-01-06T05:02:16.318Z", "dateReserved": "2022-06-14T10:44:39.588Z", "dateUpdated": "2024-08-03T08:01:20.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35097
Vulnerability from cvelistv5
Published
2022-09-02 11:30
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
References
▼ | URL | Tags |
---|---|---|
https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:33:51.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SC8180X+SDX55, SD 675, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, W ...[truncated*]" } ] } ], "descriptions": [ { "lang": "en", "value": "Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cryptographic issues in Content Protection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-02T11:30:55", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ], "x_ConverterErrors": { "version_name": { "error": "version_name too long. Use array of versions to record more than one version.", "message": "Truncated!" } }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2021-35097", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables", "version": { "version_data": [ { "version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SC8180X+SDX55, SD 675, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835" } ] } } ] }, "vendor_name": "Qualcomm, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables" } ] }, "impact": { "cvss": { "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cryptographic issues in Content Protection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ] } } } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2021-35097", "datePublished": "2022-09-02T11:30:55", "dateReserved": "2021-06-21T00:00:00", "dateUpdated": "2024-08-04T00:33:51.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25746
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Buffer Copy Without Checking Size of Input in Kernel
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:44.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SA8540P" }, { "status": "affected", "version": "SA9000P" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX57M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer Copy Without Checking Size of Input in Kernel" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25746", "datePublished": "2023-01-06T05:02:12.421Z", "dateReserved": "2022-02-22T11:38:09.315Z", "dateUpdated": "2024-08-03T04:49:44.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25722
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Information Exposure in DSP Services
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:43.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Consumer IOT", "Snapdragon Mobile", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4019" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA7500" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA9880" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Information exposure in DSP services due to improper handling of freeing memory" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Information Exposure in DSP Services" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25722", "datePublished": "2023-01-06T05:02:09.721Z", "dateReserved": "2022-02-22T11:38:09.300Z", "dateUpdated": "2024-08-03T04:49:43.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33266
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Integer overflow to buffer overflow in Audio
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Voice \u0026 Music", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8009W" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8064AU" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8909W" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDW2500" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX20M" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Integer overflow to buffer overflow in Audio" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33266", "datePublished": "2023-01-06T05:02:21.689Z", "dateReserved": "2022-06-14T10:44:39.596Z", "dateUpdated": "2024-08-03T08:01:20.548Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20904
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:34.014Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20904", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:34.014Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20925
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:34.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20925", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:34.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33285
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer over-read in WLAN
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon IoT", "Snapdragon Mobile", "Snapdragon Voice \u0026 Music", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8064AU" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8069" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "MDM8215" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9215" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9310" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9615" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9640" }, { "status": "affected", "version": "MDM9645" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8976" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA4531" }, { "status": "affected", "version": "QCA6174" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6175A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6428" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6438" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN7605" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 636" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD712" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD821" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDM630" }, { "status": "affected", "version": "SDX12" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX20M" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN3999" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer over-read in WLAN" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33285", "datePublished": "2023-01-06T05:02:28.591Z", "dateReserved": "2022-06-14T10:44:39.603Z", "dateUpdated": "2024-08-03T08:01:20.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42720
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204059" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204059" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42720", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-08-03T13:10:41.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32637
Vulnerability from cvelistv5
Published
2023-01-03 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/January-2023" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6883, MT6885, MT6889, MT8185, MT8789", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-03T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2023" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32637", "datePublished": "2023-01-03T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32636
Vulnerability from cvelistv5
Published
2023-01-03 00:00
Modified
2024-08-03 07:46
Severity ?
EPSS score ?
Summary
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/January-2023" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 10.0, 11.0, 12.0, 13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-03T00:00:00", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2023" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2022-32636", "datePublished": "2023-01-03T00:00:00", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T07:46:44.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33274
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Improper validation of array index in Android Core
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Improper validation of array index in Android Core" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33274", "datePublished": "2023-01-06T05:02:22.986Z", "dateReserved": "2022-06-14T10:44:39.599Z", "dateUpdated": "2024-08-03T08:01:20.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44431
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "cwe-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44431", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35134
Vulnerability from cvelistv5
Published
2022-09-02 11:31
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
References
▼ | URL | Tags |
---|---|---|
https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:33:51.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "QCA6391, QCM6490, QCS6490, QSM8350, SD 8 Gen1 5G, SD778G, SD780G, SD888, SD888 5G, SM7315, SM7325P, SM7450, SM8475, SM8475P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Incorrect Calculation of Buffer Size in Boot", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-02T11:31:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2021-35134", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile", "version": { "version_data": [ { "version_value": "QCA6391, QCM6490, QCS6490, QSM8350, SD 8 Gen1 5G, SD778G, SD780G, SD888, SD888 5G, SM7315, SM7325P, SM7450, SM8475, SM8475P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835" } ] } } ] }, "vendor_name": "Qualcomm, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile" } ] }, "impact": { "cvss": { "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Incorrect Calculation of Buffer Size in Boot" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin" } ] } } } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2021-35134", "datePublished": "2022-09-02T11:31:01", "dateReserved": "2021-06-21T00:00:00", "dateUpdated": "2024-08-04T00:33:51.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20905
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10" } ] } ], "descriptions": [ { "lang": "en", "value": "In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20905", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44425
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "cwe-190 Integer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44425", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41674
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203770" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203770" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41674", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-09-28T00:00:00", "dateUpdated": "2024-08-03T12:49:43.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33284
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer over-read in WLAN
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.602Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Information disclosure due to buffer over-read in WLAN while parsing BTM action frame." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer over-read in WLAN" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33284", "datePublished": "2023-01-06T05:02:26.918Z", "dateReserved": "2022-06-14T10:44:39.602Z", "dateUpdated": "2024-08-03T08:01:20.602Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25715
Vulnerability from cvelistv5
Published
2023-01-06 04:42
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Incorrect type casting in Display driver
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.787Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS8155" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Incorrect type casting in Display driver" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25715", "datePublished": "2023-01-06T04:42:11.906Z", "dateReserved": "2022-02-22T11:38:09.297Z", "dateUpdated": "2024-08-03T04:49:42.787Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20915
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20915", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20456
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.796Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20456", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20916
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-12 Android-12L" } ] } ], "descriptions": [ { "lang": "en", "value": "In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20916", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44435
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44435", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42721
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204060" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204060" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42721", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-08-03T13:10:41.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22088
Vulnerability from cvelistv5
Published
2023-01-06 04:42
Modified
2024-08-03 03:00
Severity ?
EPSS score ?
Summary
Integer Overflow to Buffer Overflow in Bluetooth HOST
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:00:55.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8009W" }, { "status": "affected", "version": "APQ8052" }, { "status": "affected", "version": "APQ8056" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8909W" }, { "status": "affected", "version": "MSM8952" }, { "status": "affected", "version": "MSM8956" }, { "status": "affected", "version": "MSM8976" }, { "status": "affected", "version": "MSM8976SG" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDW2500" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Integer Overflow to Buffer Overflow in Bluetooth HOST" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-22088", "datePublished": "2023-01-06T04:42:10.711Z", "dateReserved": "2021-12-21T09:16:35.473Z", "dateUpdated": "2024-08-03T03:00:55.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44434
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44434", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20461
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20461", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33286
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer over-read in WLAN
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon IoT", "Snapdragon Mobile", "Snapdragon Voice \u0026 Music", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8064AU" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8069" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "MDM8215" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9215" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9310" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9615" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9640" }, { "status": "affected", "version": "MDM9645" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8976" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA0000" }, { "status": "affected", "version": "QCA1023" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6174" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6175A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6428" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6438" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6694" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN7605" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA4155P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 636" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD712" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD821" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDM630" }, { "status": "affected", "version": "SDX12" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX20M" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN3999" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer over-read in WLAN" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33286", "datePublished": "2023-01-06T05:02:30.303Z", "dateReserved": "2022-06-14T10:44:39.607Z", "dateUpdated": "2024-08-03T08:01:20.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44437
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44437", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20918
Vulnerability from cvelistv5
Published
2023-07-12 23:18
Modified
2024-11-06 16:52
Severity ?
EPSS score ?
Summary
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf075368a258c0b21386160d" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173c0c82b0eb02d5b923a4e" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db448084a83fd6cbfb7d3cf" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-07-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20918", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T16:50:58.683065Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:52:24.698Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eIn getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e" } ], "value": "In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-12T23:18:00.205Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf075368a258c0b21386160d" }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173c0c82b0eb02d5b923a4e" }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db448084a83fd6cbfb7d3cf" }, { "url": "https://source.android.com/security/bulletin/2023-07-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20918", "datePublished": "2023-07-12T23:18:00.205Z", "dateReserved": "2022-11-03T22:37:50.579Z", "dateUpdated": "2024-11-06T16:52:24.698Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44429
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "cwe-122 Heap Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44429", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20494
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-10 Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243794204" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20494", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22079
Vulnerability from cvelistv5
Published
2023-01-06 04:42
Modified
2024-08-03 03:00
Severity ?
EPSS score ?
Summary
Buffer Over-read in BOOT
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:00:55.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8009W" }, { "status": "affected", "version": "APQ8064AU" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8909W" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDW2500" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX20M" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Denial of service while processing fastboot flash command on mmc due to buffer over read" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer Over-read in BOOT" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-22079", "datePublished": "2023-01-06T04:42:09.399Z", "dateReserved": "2021-12-21T09:16:35.471Z", "dateUpdated": "2024-08-03T03:00:55.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42719
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-15T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" }, { "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42719", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-08-03T13:10:41.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44427
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", "vendor": "Unisoc (Shanghai) Technologies Co., Ltd.", "versions": [ { "status": "affected", "version": "Android10/Android11/Android12" } ] } ], "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "cwe-122 Heap Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-04T00:00:00", "orgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "shortName": "Unisoc" }, "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001" } ] } }, "cveMetadata": { "assignerOrgId": "63f92e9c-2193-4c24-98a9-93640392c3d3", "assignerShortName": "Unisoc", "cveId": "CVE-2022-44427", "datePublished": "2023-01-04T00:00:00", "dateReserved": "2022-10-31T00:00:00", "dateUpdated": "2024-08-03T13:54:03.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20922
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548" } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20922", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20924
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20924", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20919
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20919", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25717
Vulnerability from cvelistv5
Published
2023-01-06 04:56
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
Use-After-Free Issue in Display
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:42.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS8155" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in display due to double free while allocating frame buffer memory" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Use-After-Free Issue in Display" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-25717", "datePublished": "2023-01-06T04:56:05.812Z", "dateReserved": "2022-02-22T11:38:09.298Z", "dateUpdated": "2024-08-03T04:49:42.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33253
Vulnerability from cvelistv5
Published
2023-01-06 05:02
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Buffer over-read in WLAN
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:20.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5018" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T07:07:39.912894Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin" } ], "title": "Buffer over-read in WLAN" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-33253", "datePublished": "2023-01-06T05:02:17.616Z", "dateReserved": "2022-06-14T10:44:39.589Z", "dateUpdated": "2024-08-03T08:01:20.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20928
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.801Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-01-01" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/170855/Android-Binder-VMA-Management-Security-Issues.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-06T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-01-01" }, { "url": "http://packetstormsecurity.com/files/170855/Android-Binder-VMA-Management-Security-Issues.html" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-20928", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:21:33.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.