Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 47 |
| CVE-ID | CVE-2022-33217 CVE-2022-25720 CVE-2022-22077 CVE-2022-25723 CVE-2022-33214 CVE-2022-25718 CVE-2022-25748 CVE-2022-25660 CVE-2022-25661 CVE-2022-25687 CVE-2022-25736 CVE-2022-25749 CVE-2022-26471 CVE-2022-26472 CVE-2022-20425 CVE-2022-20416 CVE-2022-20418 CVE-2022-20413 CVE-2022-20415 CVE-2021-39758 CVE-2022-20351 CVE-2022-20420 CVE-2022-20419 CVE-2022-20410 CVE-2022-20394 CVE-2021-39673 CVE-2022-20412 CVE-2022-20417 CVE-2022-20440 CVE-2022-20433 CVE-2022-20432 CVE-2022-20431 CVE-2022-20430 CVE-2021-0699 CVE-2021-0951 CVE-2021-0696 CVE-2022-20409 CVE-2022-20424 CVE-2022-20423 CVE-2022-20422 CVE-2022-20439 CVE-2022-20438 CVE-2022-20437 CVE-2022-20436 CVE-2022-20435 CVE-2022-20434 CVE-2022-20421 |
| CWE-ID | CWE-119 CWE-129 CWE-416 CWE-367 CWE-310 CWE-190 CWE-415 CWE-822 CWE-125 CWE-502 CWE-264 CWE-200 CWE-284 CWE-787 CWE-362 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #37 is available. Public exploit code for vulnerability #47 is available. |
| Vulnerable software Subscribe |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 47 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU67818
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33217
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Qualcomm IPC. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Validation of Array Index
EUVDB-ID: #VU67831
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25720
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an improper validation of an array index in WLAN HOST during connect/roaming. A remote attacker can send specially crafted traffic to the device and execute arbitrary code.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU67832
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22077
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Graphics component. A local application can trigger a use-after-free in graphics dispatcher logic and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU67833
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25723
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Multimedia Frameworks. A local application can trigger a use-after- free during callback registration failure and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU67817
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33214
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the Display component. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cryptographic issues
EUVDB-ID: #VU67824
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25718
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper checking on return value while authentication handshake within the WLAN component. A remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU67825
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25748
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the WLAN component when handling GTK frames. A remote attacker can send specially crafted traffic to the device, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Double Free
EUVDB-ID: #VU67814
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25660
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the kernel component. A local application can trigger a double free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Untrusted Pointer Dereference
EUVDB-ID: #VU67815
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25661
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU67826
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25687
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing asf clips within the Video component. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU67828
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25736
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the WLAN Firmware when handling VHT action frames. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU67829
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25749
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the WLAN Firmware when handling MDNS frames. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Deserialization of Untrusted Data
EUVDB-ID: #VU67838
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26471
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insecure input validation when processing serialized data within the telephony service. A local application can pass a specially crafted data to the affected service and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Deserialization of Untrusted Data
EUVDB-ID: #VU67839
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26472
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-10-01
CPE2.3- cpe:2.3:o:google:android:13:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12L:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:12:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:11:2022-10-01:*:*:*:*:*:
- cpe:2.3:o:google:android:10:2022-10-01:*:*:*:*:*:
http://source.android.com/docs/security/bulletin/2022-10-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67864
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20425
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67858
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20416
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Information disclosure
EUVDB-ID: #VU67857
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20418
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in the media framework. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information disclosure
EUVDB-ID: #VU67856
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20413
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in the media framework. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67855
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20415
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within Android framework. A local application can execute arbitrary code with elevated privileges. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67854
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39758
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within WindowManager. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2022-10-01
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper access control
EUVDB-ID: #VU67853
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20351
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Android framework. A local application can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-09-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67852
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20420
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in Android framework. A
local application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 13 - 13 2022-09-05
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information disclosure
EUVDB-ID: #VU67851
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20419
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android framework. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12L - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper access control
EUVDB-ID: #VU67863
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20410
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper access control
EUVDB-ID: #VU67862
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20394
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-09-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper access control
EUVDB-ID: #VU67861
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39673
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in System component. A local application can bypass implemented security restrictions and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 13 - 13 2022-09-05
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67860
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20412
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges. MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67859
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20417
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 13 2022-09-05
CPE2.3- cpe:2.3:o:google:android:13:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-09-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-09-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67885
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20440
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67877
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20433
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67876
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20432
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67875
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20431
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67874
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20430
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67873
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0699
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67872
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0951
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67871
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0696
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67870
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-20409
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to missing checks when working with concurrent tasks in io_uring implementation. A local application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-10-01#2022-10-05-security-patch-level-vulnerability-details
http://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
38) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67869
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20424
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to missing checks when working with concurrent tasks in io_uring implementation. A local application can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-10-01#2022-10-05-security-patch-level-vulnerability-details
http://android.googlesource.com/kernel/common/+/812805ff3b0c7
http://android.googlesource.com/kernel/common/+/29f077d070519
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Integer overflow
EUVDB-ID: #VU67867
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20423
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to integer overflow within the rndis_set_response() function in drivers/usb/gadget/function/rndis.c in Linux kernel. A local application can trigger ab integer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-10-01#2022-10-05-security-patch-level-vulnerability-details
http://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e
http://android.googlesource.com/kernel/common/+/28bc0267399f4
http://lore.kernel.org/all/20220301080424.GA17208@kili/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds write
EUVDB-ID: #VU67866
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20422
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within emulation_proc_handler() in armv8 emulation in arch/arm64/kernel/armv8_deprecated.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-10-01#2022-10-05-security-patch-level-vulnerability-details
http://lore.kernel.org/all/20220128090324.2727688-1-hewenliang4@huawei.com/
http://lore.kernel.org/all/9A004C03-250B-46C5-BF39-782D7551B00E@tencent.com/
http://android.googlesource.com/kernel/common/+/885349f53dd73
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67884
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20439
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67883
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20438
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67882
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20437
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67881
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20436
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67879
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20435
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU67878
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20434
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Race condition
EUVDB-ID: #VU67865
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-20421
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the Binder driver in Android kernel in drivers/android/binder.c. A local application can exploit the race to trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-10-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-10-01#2022-10-05-security-patch-level-vulnerability-details
http://android.googlesource.com/kernel/common/+/19bb609b45fb
http://lore.kernel.org/all/20220801182511.3371447-1-cmllamas@google.com/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
