Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 39 |
| CVE-ID | CVE-2021-35105 CVE-2021-30333 CVE-2021-30332 CVE-2021-30329 CVE-2021-30328 CVE-2021-1950 CVE-2021-35110 CVE-2021-1942 CVE-2021-35117 CVE-2021-35106 CVE-2021-35103 CVE-2021-35088 CVE-2020-29368 CVE-2021-39705 CVE-2021-39702 CVE-2021-39701 CVE-2021-0957 CVE-2021-39708 CVE-2021-39667 CVE-2021-39690 CVE-2021-39624 CVE-2021-39709 CVE-2021-39695 CVE-2021-39693 CVE-2021-39692 CVE-2021-39689 CVE-2021-39697 CVE-2021-39707 CVE-2021-39706 CVE-2021-39704 CVE-2021-39703 CVE-2021-39698 CVE-2021-39685 CVE-2021-39686 CVE-2021-39694 CVE-2021-3655 CVE-2022-20053 CVE-2022-20048 CVE-2022-20047 |
| CWE-ID | CWE-704 CWE-119 CWE-617 CWE-287 CWE-264 CWE-125 CWE-787 CWE-200 CWE-20 CWE-416 CWE-362 CWE-909 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #33 is available. |
| Vulnerable software Subscribe |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 39 vulnerabilities.
1) Type conversion
EUVDB-ID: #VU61066
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35105
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a type conversion error in the Graphics component during graphics profiling. A malicious application can trigger a boundary error and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU61060
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30333
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing EFS files within the Multi-Mode Call Processor. A local application can trigger memory corruption and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable Assertion
EUVDB-ID: #VU61074
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30332
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in NR5G when validating OTA configuration. A remote attacker can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Reachable Assertion
EUVDB-ID: #VU61073
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30329
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in NR5G validating TCI configuration. A remote attacker can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Reachable Assertion
EUVDB-ID: #VU61072
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30328
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the NR5G component when validating NR CSI-IM resource configuration. A remote attacker can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Authentication
EUVDB-ID: #VU61071
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1950
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to improper cleaning of secure memory between authenticated users. A local user can bypass face authentication mechanism. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Type conversion
EUVDB-ID: #VU61070
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35110
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a type conversion error in the Boot subsystem when validating hash segment of file. A malicious application can supply a specially crafted file and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU61068
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1942
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due improper handling of permissions of a shared memory region in the Core subsystem. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU61065
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35117
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the WLAN Host while processing an IBSS beacon. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU61064
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35106
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary condition in the WLAN Host component when calculating length of WMI messages. A local application can send an overly long WMI message to trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU61063
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35103
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper validation of number of timer values received from firmware while syncing timers in the WLAN Host Communication component. A malicious application can trigger buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU61062
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35088
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the WLAN Host Communication component during SSID IE parse when channel is DFS. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU51549
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29368
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU61093
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39705
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the Android kernel. A malicious application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Security restrictions bypass
EUVDB-ID: #VU61087
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39702
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Security restrictions bypass
EUVDB-ID: #VU61086
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39701
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Security restrictions bypass
EUVDB-ID: #VU61085
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0957
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Security restrictions bypass
EUVDB-ID: #VU61084
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39708
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to unspecified error in the OS kernel. A remote attacker can trick the victim to perform certain actions on the device and execute arbitrary code.
Successful exploitation of the vulnerability may result in full system compromise.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information disclosure
EUVDB-ID: #VU61083
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39667
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in media framework. A remote attacker can trick the victim to open a specially crafted media file and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU61082
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39690
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Android Framework. A malicious application can trick the victim to perform certain actions and crash the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU61081
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39624
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Android Framework. A malicious application can trick the victim to perform certain actions and crash the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-09-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Security restrictions bypass
EUVDB-ID: #VU61092
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39709
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Security restrictins bypass
EUVDB-ID: #VU61079
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39695
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim to perform certain actions and escalate privileges on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 11 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Security restrictions bypass
EUVDB-ID: #VU61078
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39693
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim to perform certain actions and escalate privileges on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Security restrictins bypass
EUVDB-ID: #VU61077
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39692
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim to perform certain actions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Security restrictions bypass
EUVDB-ID: #VU61076
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39689
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improper privilege management in Android runtime. A malicious application can execute arbitrary code with system privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Security restrictions bypass
EUVDB-ID: #VU61080
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39697
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Android Framework. A malicious application can trick the victim to perform certain actions and escalate privileges on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Security restrictions bypass
EUVDB-ID: #VU61091
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39707
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Security restrictions bypass
EUVDB-ID: #VU61090
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39706
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Security restrictions bypass
EUVDB-ID: #VU61089
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39704
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-02-05
CPE2.3- cpe:2.3:o:google:android:12:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-02-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-02-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Security restrictions bypass
EUVDB-ID: #VU61088
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39703
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Android kernel. A malicious application can escalate privileges on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-02-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#2022-03-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU61097
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39698
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Linux kernel. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#details-05
http://android.googlesource.com/kernel/common/+/42288cb44c4b
http://android.googlesource.com/kernel/common/+/a880b28a71e3
http://android.googlesource.com/kernel/common/+/9537bae0da1f
http://android.googlesource.com/kernel/common/+/363bee27e258
http://android.googlesource.com/kernel/common/+/50252e4b5e98
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Buffer overflow
EUVDB-ID: #VU61095
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-39685
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a malicious host to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the USB subsystem in Linux kernel. A malicious USB device can trigger memory corruption and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#details-05
http://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de
http://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5
http://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
34) Race condition
EUVDB-ID: #VU61096
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39686
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the binder implementation in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-03-01#details-05
http://android.googlesource.com/kernel/common/+/d49297739550
http://android.googlesource.com/kernel/common/+/3af7a2f61023
http://android.googlesource.com/kernel/common/+/11db2de0af2a
http://android.googlesource.com/kernel/common/+/a4eacf3227bd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Security restrictions bypass
EUVDB-ID: #VU61094
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39694
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improper privilege management within the Permission Controller in Android framework. A malicious application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12 2022-03-01
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-03-01#details-05
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Missing initialization of resource
EUVDB-ID: #VU61098
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3655
CWE-ID:
CWE-909 - Missing initialization of resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing initialization of resource in the Linux kernel when processing inbound SCTP packets. A remote attacker can send specially crafted SCTP packets to the system and force the kernel to read uninitialized memory.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12 2022-03-01
CPE2.3- cpe:2.3:o:google:android:12:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-03-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-03-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-03-01
http://android.googlesource.com/kernel/common/+/d4dbef7046e2
http://android.googlesource.com/kernel/common/+/6ef81a5c0e22
http://android.googlesource.com/kernel/common/+/ffca46766850
http://android.googlesource.com/kernel/common/+/ccb79116c372
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU61101
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20053
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to missing permissions check in the ims service. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2022-03-05
CPE2.3http://source.android.com/security/bulletin/2022-03-01#details-05
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU61100
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20048
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in media decoder. A remote attacker can trick the victim to open a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2022-03-05
CPE2.3http://source.android.com/security/bulletin/2022-03-01#details-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU61099
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20047
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in video decoder. A remote attacker can trick the victim to open a specially crafted media file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2022-03-05
CPE2.3http://source.android.com/security/bulletin/2022-03-01#details-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
