SB2022120550 - Multiple vulnerabilities in Google Pixel (December 2022)
Published: December 5, 2022 Updated: April 10, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 150 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2022-20576)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Telephony subcomponent in Pixel. A local application can execute arbitrary code.
2) Information exposure (CVE-ID: CVE-2022-20608)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Cellular firmware subcomponent in Pixel. A local application can gain access to sensitive information.
3) Information exposure (CVE-ID: CVE-2022-42529)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Kernel subcomponent in Pixel. A local application can gain access to sensitive information.
4) Information exposure (CVE-ID: CVE-2022-42530)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Pixel firmware subcomponent in Pixel. A local application can gain access to sensitive information.
5) Information exposure (CVE-ID: CVE-2022-42532)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Pixel firmware subcomponent in Pixel. A local application can gain access to sensitive information.
6) Improper input validation (CVE-ID: CVE-2022-20563)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Bootloader subcomponent in Pixel. A local application can execute arbitrary code.
7) Improper input validation (CVE-ID: CVE-2022-20569)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel Thermal Control Driver subcomponent in Pixel. A local application can execute arbitrary code.
8) Improper input validation (CVE-ID: CVE-2022-20577)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the sitril subcomponent in Pixel. A local application can execute arbitrary code.
9) Information exposure (CVE-ID: CVE-2022-20602)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
10) Improper input validation (CVE-ID: CVE-2022-20578)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
11) Improper input validation (CVE-ID: CVE-2022-20579)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
12) Improper input validation (CVE-ID: CVE-2022-20580)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the libufdt subcomponent in Pixel. A local application can execute arbitrary code.
13) Improper input validation (CVE-ID: CVE-2022-20581)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel camera driver subcomponent in Pixel. A local application can execute arbitrary code.
14) Improper input validation (CVE-ID: CVE-2022-20594)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Wireless Charger subcomponent in Pixel. A local application can execute arbitrary code.
15) Improper input validation (CVE-ID: CVE-2022-20596)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Wireless Charger subcomponent in Pixel. A local application can execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2022-20600)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LWIS subcomponent in Pixel. A local application can execute arbitrary code.
17) Information exposure (CVE-ID: CVE-2022-20604)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Exynos Firmware subcomponent in Pixel. A local application can gain access to sensitive information.
18) Information exposure (CVE-ID: CVE-2022-20575)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.
19) Improper input validation (CVE-ID: CVE-2022-42502)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
20) Information exposure (CVE-ID: CVE-2022-20591)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.
21) Improper input validation (CVE-ID: CVE-2022-20598)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
22) Improper input validation (CVE-ID: CVE-2022-20599)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel firmware subcomponent in Pixel. A local application can execute arbitrary code.
23) Improper input validation (CVE-ID: CVE-2022-42534)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the TF-A subcomponent in Pixel. A local application can execute arbitrary code.
24) Information disclosure (CVE-ID: CVE-2022-20498)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within the Bluetooth component. An attacker with physical proximity to device can gain unauthorized access to sensitive information.
25) Information exposure (CVE-ID: CVE-2022-20589)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.
26) Information exposure (CVE-ID: CVE-2022-20590)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.
27) Information exposure (CVE-ID: CVE-2022-20592)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.
28) Information exposure (CVE-ID: CVE-2022-20574)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can gain access to sensitive information.
29) Improper input validation (CVE-ID: CVE-2022-20603)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
30) Improper input validation (CVE-ID: CVE-2022-20607)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Cellular Firmware subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
31) Improper input validation (CVE-ID: CVE-2022-20610)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pixel cellular modem subcomponent in Pixel. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
32) Improper input validation (CVE-ID: CVE-2022-20561)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Audio subcomponent in Pixel. A local application can execute arbitrary code.
33) Improper input validation (CVE-ID: CVE-2022-20564)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the libufdt subcomponent in Pixel. A local application can execute arbitrary code.
34) Improper input validation (CVE-ID: CVE-2022-42531)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the TF-A subcomponent in Pixel. A local application can execute arbitrary code.
35) Information exposure (CVE-ID: CVE-2022-20562)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Audio processor subcomponent in Pixel. A local application can gain access to sensitive information.
36) Improper input validation (CVE-ID: CVE-2022-42501)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
37) Improper input validation (CVE-ID: CVE-2022-42503)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
38) Improper input validation (CVE-ID: CVE-2022-20588)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
39) Information exposure (CVE-ID: CVE-2022-42515)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
40) Information exposure (CVE-ID: CVE-2022-20601)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
41) Information exposure (CVE-ID: CVE-2022-20605)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
42) Information exposure (CVE-ID: CVE-2022-20606)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
43) Information exposure (CVE-ID: CVE-2022-20609)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Cellular firmware subcomponent in Pixel. A local application can gain access to sensitive information.
44) Information exposure (CVE-ID: CVE-2022-42512)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
45) Information exposure (CVE-ID: CVE-2022-42514)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
46) Information exposure (CVE-ID: CVE-2022-42516)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
47) Information exposure (CVE-ID: CVE-2022-20593)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the gralloc subcomponent in Pixel. A local application can gain access to sensitive information.
48) Information exposure (CVE-ID: CVE-2022-42517)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
49) Information exposure (CVE-ID: CVE-2022-42522)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can gain access to sensitive information.
50) Information exposure (CVE-ID: CVE-2022-42524)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
51) Improper input validation (CVE-ID: CVE-2022-42527)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2022-25677)
The vulnerability allows a local application to escalate privileges on the system
The vulnerability exists due to a use-after-free error within the DIAG component when processing dci packets. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.
53) Resource exhaustion (CVE-ID: CVE-2021-30348)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in Bluetooth. A remote attacker on the local network can trigger resource exhaustion and perform a denial of service (DoS) attack.
54) Reachable Assertion (CVE-ID: CVE-2022-25675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing filter rule from application client. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.55) Information exposure (CVE-ID: CVE-2022-20595)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Wireless Charger subcomponent in Pixel. A local application can gain access to sensitive information.
56) Information exposure (CVE-ID: CVE-2022-20570)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Modem subcomponent in Pixel. A local application can gain access to sensitive information.
57) Improper input validation (CVE-ID: CVE-2022-42504)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
58) Improper input validation (CVE-ID: CVE-2022-42511)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
59) Improper input validation (CVE-ID: CVE-2022-42505)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
60) Improper input validation (CVE-ID: CVE-2022-42506)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
61) Improper input validation (CVE-ID: CVE-2022-42507)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
62) Improper input validation (CVE-ID: CVE-2022-42508)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
63) Improper input validation (CVE-ID: CVE-2022-42509)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
64) Improper input validation (CVE-ID: CVE-2022-42510)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
65) Improper input validation (CVE-ID: CVE-2022-42513)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
66) Information exposure (CVE-ID: CVE-2022-20560)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Kernel subcomponent in Pixel. A local application can gain access to sensitive information.
67) Improper input validation (CVE-ID: CVE-2022-42518)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
68) Improper input validation (CVE-ID: CVE-2022-42519)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
69) Improper input validation (CVE-ID: CVE-2022-42520)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
70) Improper input validation (CVE-ID: CVE-2022-42521)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
71) Improper input validation (CVE-ID: CVE-2022-42523)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
72) Improper input validation (CVE-ID: CVE-2022-42525)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
73) Improper input validation (CVE-ID: CVE-2022-42526)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the rild_exynos subcomponent in Pixel. A local application can execute arbitrary code.
74) Improper input validation (CVE-ID: CVE-2022-20597)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
75) Improper input validation (CVE-ID: CVE-2022-20587)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
76) Improper input validation (CVE-ID: CVE-2022-20504)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
77) Improper input validation (CVE-ID: CVE-2022-20522)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
78) Improper input validation (CVE-ID: CVE-2022-20506)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
79) Improper input validation (CVE-ID: CVE-2022-20507)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
80) Improper input validation (CVE-ID: CVE-2022-20508)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
81) Improper input validation (CVE-ID: CVE-2022-20509)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
82) Improper input validation (CVE-ID: CVE-2022-20519)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
83) Improper input validation (CVE-ID: CVE-2022-20520)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
84) Improper input validation (CVE-ID: CVE-2022-20525)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
85) Improper input validation (CVE-ID: CVE-2022-20503)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
86) Improper input validation (CVE-ID: CVE-2022-20529)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
87) Improper input validation (CVE-ID: CVE-2022-20533)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
88) Improper input validation (CVE-ID: CVE-2022-20536)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
89) Improper input validation (CVE-ID: CVE-2022-20537)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
90) Improper input validation (CVE-ID: CVE-2022-20539)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
91) Improper input validation (CVE-ID: CVE-2022-20540)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
92) Improper input validation (CVE-ID: CVE-2022-20544)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
93) Improper input validation (CVE-ID: CVE-2022-20505)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
94) Improper input validation (CVE-ID: CVE-2021-39771)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
95) Improper input validation (CVE-ID: CVE-2022-20547)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
96) Information exposure (CVE-ID: CVE-2022-20511)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
97) Improper input validation (CVE-ID: CVE-2022-20512)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
98) Improper input validation (CVE-ID: CVE-2022-20514)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
99) Improper input validation (CVE-ID: CVE-2022-20524)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
100) Improper input validation (CVE-ID: CVE-2022-20553)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
101) Improper input validation (CVE-ID: CVE-2022-20554)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
102) Information exposure (CVE-ID: CVE-2022-20510)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
103) Information exposure (CVE-ID: CVE-2022-20513)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
104) Information exposure (CVE-ID: CVE-2022-20528)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Media Framework component. A local application can gain access to sensitive information.
105) Information exposure (CVE-ID: CVE-2022-20523)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
106) Information exposure (CVE-ID: CVE-2022-20530)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
107) Information exposure (CVE-ID: CVE-2022-20538)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
108) Information exposure (CVE-ID: CVE-2022-20559)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
109) Improper input validation (CVE-ID: CVE-2022-20543)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
110) Improper input validation (CVE-ID: CVE-2022-20526)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
111) Improper input validation (CVE-ID: CVE-2022-20548)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Media Framework component. A local application can execute arbitrary code.
112) Improper input validation (CVE-ID: CVE-2022-20546)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
113) Improper input validation (CVE-ID: CVE-2022-20549)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
114) Improper input validation (CVE-ID: CVE-2022-20586)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
115) Double Free (CVE-ID: CVE-2022-28390)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
116) Use-after-free (CVE-ID: CVE-2022-1419)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in vgem_gem_dumb_create() function in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
117) Use-after-free (CVE-ID: CVE-2022-20566)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_chan_put() function in Bluetooth L2CAP implementation. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.
118) Race condition (CVE-ID: CVE-2022-20567)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the pppol2tp_create() function in l2tp_ppp.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
119) Improper input validation (CVE-ID: CVE-2022-20568)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the io_uring subcomponent in Kernel components. A local application can execute arbitrary code.
120) Improper input validation (CVE-ID: CVE-2022-20571)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the dm-verity subcomponent in Kernel components. A local application can execute arbitrary code.
121) Incorrect authorization (CVE-ID: CVE-2022-20572)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing permission check within the verity_target() function in dm-verity-target.c. A local user can modify read-only files and escalate privileges on the system.
122) Incorrect default permissions (CVE-ID: CVE-2022-30594)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to mishandling seccomp permissions. A local user can bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag and escalate privileges on the system.
123) Out-of-bounds write (CVE-ID: CVE-2022-0500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in unrestricted eBPF usage by the BPF_BTF_LOAD in Linux kernel. A local user can trigger an out-of-bounds write error in BPF subsystem and execute arbitrary code with elevated privileges.
124) Double Free (CVE-ID: CVE-2022-34494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the rpmsg_virtio_add_ctrl_dev() function in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel remote processor messaging (rpmsg) framework. A local user can run a specially crafted program to trigger a double free error and perform a denial of service (DoS) attack.
125) Double Free (CVE-ID: CVE-2022-34495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the rpmsg_probe() function in drivers/rpmsg/virtio_rpmsg_bus.c in Linux kernel. A local user can trigger a double free error in the virtio RPMSG bus driver and crash the system.
126) Information exposure (CVE-ID: CVE-2022-20573)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Kernel subcomponent in Kernel components. A local application can gain access to sensitive information.
127) Improper input validation (CVE-ID: CVE-2022-20582)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
128) Improper input validation (CVE-ID: CVE-2022-20583)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
129) Improper input validation (CVE-ID: CVE-2022-20584)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the TF-A subcomponent in Pixel. A local application can execute arbitrary code.
130) Improper input validation (CVE-ID: CVE-2022-20585)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the LDFW subcomponent in Pixel. A local application can execute arbitrary code.
131) Integer overflow (CVE-ID: CVE-2022-1116)
The vulnerability allows a local user to execute code with elevated privileges.
The vulnerability exists due to integer overflow in the io_uring subsystem in the Linux kernel. A local user can trigger integer overflow, cause a denial of service or execute arbitrary code with elevated privileges.
132) Improper input validation (CVE-ID: CVE-2022-20545)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
133) Improper input validation (CVE-ID: CVE-2022-20550)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
134) Information exposure (CVE-ID: CVE-2022-20517)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
135) Improper input validation (CVE-ID: CVE-2022-20556)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
136) Improper input validation (CVE-ID: CVE-2022-20557)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
137) Improper input validation (CVE-ID: CVE-2022-20558)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
138) Improper input validation (CVE-ID: CVE-2022-42542)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
139) Information exposure (CVE-ID: CVE-2022-20199)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
140) Information exposure (CVE-ID: CVE-2022-20515)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
141) Information exposure (CVE-ID: CVE-2022-20516)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
142) Information exposure (CVE-ID: CVE-2022-20518)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
143) Improper input validation (CVE-ID: CVE-2022-20521)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
144) Information exposure (CVE-ID: CVE-2022-20527)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
145) Information exposure (CVE-ID: CVE-2022-20531)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
146) Information exposure (CVE-ID: CVE-2022-20535)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
147) Information exposure (CVE-ID: CVE-2022-20541)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
148) Information exposure (CVE-ID: CVE-2022-20552)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
149) Information exposure (CVE-ID: CVE-2022-20555)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
150) Information exposure (CVE-ID: CVE-2022-42535)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
Remediation
Install update from vendor's website.