SB2022100403 - Multiple vulnerabilities in Google Android
Published: October 4, 2022 Updated: September 19, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 47 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-33217)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Qualcomm IPC. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
2) Improper Validation of Array Index (CVE-ID: CVE-2022-25720)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an improper validation of an array index in WLAN HOST during connect/roaming. A remote attacker can send specially crafted traffic to the device and execute arbitrary code.
3) Use-after-free (CVE-ID: CVE-2022-22077)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Graphics component. A local application can trigger a use-after-free in graphics dispatcher logic and execute arbitrary code with elevated privileges.
4) Use-after-free (CVE-ID: CVE-2022-25723)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Multimedia Frameworks. A local application can trigger a use-after- free during callback registration failure and execute arbitrary code with elevated privileges.
5) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2022-33214)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the Display component. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
6) Cryptographic issues (CVE-ID: CVE-2022-25718)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper checking on return value while authentication handshake within the WLAN component. A remote attacker can perform MitM attack.
7) Integer overflow (CVE-ID: CVE-2022-25748)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the WLAN component when handling GTK frames. A remote attacker can send specially crafted traffic to the device, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Double Free (CVE-ID: CVE-2022-25660)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the kernel component. A local application can trigger a double free error and execute arbitrary code with elevated privileges.
9) Untrusted Pointer Dereference (CVE-ID: CVE-2022-25661)
The vulnerability allows a local application to escalate privileges on the system.
10) Buffer overflow (CVE-ID: CVE-2022-25687)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing asf clips within the Video component. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Out-of-bounds read (CVE-ID: CVE-2022-25736)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the WLAN Firmware when handling VHT action frames. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2022-25749)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the WLAN Firmware when handling MDNS frames. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.13) Deserialization of Untrusted Data (CVE-ID: CVE-2022-26471)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insecure input validation when processing serialized data within the telephony service. A local application can pass a specially crafted data to the affected service and execute arbitrary code with elevated privileges.
14) Deserialization of Untrusted Data (CVE-ID: CVE-2022-26472)
The vulnerability allows a local application to escalate privileges on the system.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20425)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges.16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20416)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges.
17) Information disclosure (CVE-ID: CVE-2022-20418)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in the media framework. A local application can gain unauthorized access to sensitive information on the system.
18) Information disclosure (CVE-ID: CVE-2022-20413)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in the media framework. A local application can gain unauthorized access to sensitive information on the system.
19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20415)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within Android framework. A local application can execute arbitrary code with elevated privileges.20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39758)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within WindowManager. A local application can execute arbitrary code with elevated privileges.
21) Improper access control (CVE-ID: CVE-2022-20351)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Android framework. A local application can gain access to sensitive information.
22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20420)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in Android framework. A
local application can escalate privileges on the system.
23) Information disclosure (CVE-ID: CVE-2022-20419)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android framework. A local application can gain unauthorized access to sensitive information on the system.
24) Improper access control (CVE-ID: CVE-2022-20410)
The vulnerability allows a local application to gain access to sensitive information.
25) Improper access control (CVE-ID: CVE-2022-20394)
The vulnerability allows a local application to gain access to sensitive information.
26) Improper access control (CVE-ID: CVE-2021-39673)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in System component. A local application can bypass implemented security restrictions and gain access to sensitive information.
27) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20412)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges.28) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20417)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in System component. A local application can execute arbitrary code with elevated privileges.
29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20440)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20433)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
31) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20432)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
32) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20431)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20430)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
34) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0699)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
35) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0951)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
36) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0696)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified vulnerability in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20409)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to missing checks when working with concurrent tasks in io_uring implementation. A local application can escalate privileges on the system.
38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20424)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to missing checks when working with concurrent tasks in io_uring implementation. A local application can escalate privileges on the system.
39) Integer overflow (CVE-ID: CVE-2022-20423)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to integer overflow within the rndis_set_response() function in drivers/usb/gadget/function/rndis.c in Linux kernel. A local application can trigger ab integer overflow and execute arbitrary code with elevated privileges.
40) Out-of-bounds write (CVE-ID: CVE-2022-20422)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within emulation_proc_handler() in armv8 emulation in arch/arm64/kernel/armv8_deprecated.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
41) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20439)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
42) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20438)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
43) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20437)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
44) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20436)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
45) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20435)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC component. A local application can execute arbitrary code with elevated privileges.
46) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20434)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in UNISOC Telephony component. A local application can execute arbitrary code with elevated privileges.
47) Race condition (CVE-ID: CVE-2022-20421)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the Binder driver in Android kernel in drivers/android/binder.c. A local application can exploit the race to trigger a use-after-free error and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://source.android.com/docs/security/bulletin/2022-10-01
- https://source.android.com/docs/security/bulletin/2022-10-01#2022-10-01-security-patch-level-vulnerability-details
- https://source.android.com/docs/security/bulletin/2022-10-01#2022-10-05-security-patch-level-vulnerability-details
- https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
- https://android.googlesource.com/kernel/common/+/812805ff3b0c7
- https://android.googlesource.com/kernel/common/+/29f077d070519
- https://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e
- https://android.googlesource.com/kernel/common/+/28bc0267399f4
- https://lore.kernel.org/all/20220301080424.GA17208@kili/
- https://lore.kernel.org/all/20220128090324.2727688-1-hewenliang4@huawei.com/
- https://lore.kernel.org/all/9A004C03-250B-46C5-BF39-782D7551B00E@tencent.com/
- https://android.googlesource.com/kernel/common/+/885349f53dd73
- https://android.googlesource.com/kernel/common/+/19bb609b45fb
- https://lore.kernel.org/all/20220801182511.3371447-1-cmllamas@google.com/