Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 40 |
| CVE-ID | CVE-2021-35111 CVE-2022-22090 CVE-2022-22087 CVE-2022-22086 CVE-2022-22085 CVE-2022-22084 CVE-2022-22083 CVE-2022-22082 CVE-2021-35102 CVE-2021-4154 CVE-2021-35083 CVE-2022-21745 CVE-2022-20136 CVE-2022-20132 CVE-2022-25258 CVE-2022-24958 CVE-2022-20141 CVE-2022-20210 CVE-2021-39624 CVE-2022-20143 CVE-2022-20129 CVE-2022-20144 CVE-2022-20137 CVE-2022-20135 CVE-2022-20134 CVE-2022-20133 CVE-2022-20126 CVE-2022-20124 CVE-2022-20140 CVE-2022-20127 CVE-2022-20130 CVE-2022-20138 CVE-2022-20125 CVE-2022-20006 CVE-2022-20131 CVE-2022-20142 CVE-2022-20145 CVE-2022-20147 CVE-2022-20123 CVE-2021-39691 |
| CWE-ID | CWE-367 CWE-416 CWE-119 CWE-415 CWE-823 CWE-121 CWE-125 CWE-200 CWE-476 CWE-763 CWE-264 CWE-20 CWE-362 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #18 is available. |
| Vulnerable software Subscribe |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 40 vulnerabilities.
1) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU64043
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35111
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of tag id while RRC sending tag id to MAC within Modem. A remote attacker can perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU64045
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22090
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error while managing buffers from internal cache in Audio. A local attacker can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU64023
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22087
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Video while parsing mkv clip with no codechecker. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Double Free
EUVDB-ID: #VU64022
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22086
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to double free in Video while parsing 3gp clip with invalid meta data atoms. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU64021
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22085
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Video while reading the dts file. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stack-based buffer overflow
EUVDB-ID: #VU64020
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22084
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Video when extracting qcp audio file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU64019
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22083
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in Video while extracting ape header from clips. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU64018
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Video while parsing DSF header. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU64040
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35102
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to lack of validation for the length of NAI string read from EFS in Data Modem. A local user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU59840
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-4154
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cgroup1_parse_param() function in kernel/cgroup/cgroup-v1.c in Linux kernel's cgroup v1 parser. A local user can execute arbitrary code via the fsconfig syscall parameter leading to a container breakout.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Out-of-bounds read
EUVDB-ID: #VU64036
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35083
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper validation of certificate chain in SSL or Internet key exchange in Data Modem. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU64142
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WIFI firmware. A remote attacker can trick the victim into connecting to the malicious hotspot compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Information disclosure
EUVDB-ID: #VU64138
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20136
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the RNDIS driver in Linux Kernel. A local user can trigger the vulnerability to gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU64136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20132
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the USB HID component in Linux Kernel. A local user can trigger the vulnerability to gain access to potentially sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU61270
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25258
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error drivers/usb/gadget/composite.c in the Linux kernel. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). A local user can run a specially crafted program to trigger memory corruption and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Release of invalid pointer or reference
EUVDB-ID: #VU63315
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24958
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of illegal memory vulnerability in the drivers/usb/gadget/legacy/inode.c. A remote attacker can send specially crafted data and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64134
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20141
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper imposition of security restrictions in the Linux kernel's components. A local user can trigger the vulnerability to bypass security restrictions bypass and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU64159
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-20210
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the modem firmware component. A remote attacker can send a specially-crafted packet to execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-06-01
CPE2.3- cpe:2.3:o:google:android:12L:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-06-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-06-01:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
19) Input validation error
EUVDB-ID: #VU61081
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39624
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Android Framework. A malicious application can trick the victim to perform certain actions and crash the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU64132
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20143
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Android System. A malicious application can trick the victim to perform certain actions and crash the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU64131
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Android System. A malicious application can trick the victim to perform certain actions and crash the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64124
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20144
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
http://source.android.com/docs/security/bulletin/2022-12-01#2022-12-01-security-patch-level-vulnerability-details
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64121
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20137
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64120
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20135
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64118
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20134
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64117
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20133
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64116
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20126
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64115
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20124
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
http://source.android.com/docs/security/bulletin/2022-12-01#2022-12-01-security-patch-level-vulnerability-details
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64112
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20140
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU64110
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20127
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Android System. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Input validation error
EUVDB-ID: #VU64104
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an unspecified error in Android Media Framework. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20138
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android Framework. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64100
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20125
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android Framework. A local application can bypass security restrictions and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Race condition
EUVDB-ID: #VU64099
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20006
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to race condition in several functions of KeyguardServiceWrapper.java and related files. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-05-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Information disclosure
EUVDB-ID: #VU64129
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20131
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Android System. A local application can gain unauthorized access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64122
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20142
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64114
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20145
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 11 2022-05-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64125
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20147
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android System. A local application can bypass security restrictions and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Information disclosure
EUVDB-ID: #VU64128
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20123
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Android System. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU64098
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39691
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Android Framework. A local application can bypass security restrictions and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-05-05
CPE2.3- cpe:2.3:o:google:android:10:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-05-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-06-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-05-05:*:*:*:*:*:*
http://source.android.com/security/bulletin/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
