Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 73 |
| CVE-ID | CVE-2022-25689 CVE-2022-33268 CVE-2022-25672 CVE-2022-25673 CVE-2022-25681 CVE-2022-25682 CVE-2022-25685 CVE-2022-25691 CVE-2022-39129 CVE-2022-25692 CVE-2022-25695 CVE-2022-25697 CVE-2022-25698 CVE-2022-25702 CVE-2022-33235 CVE-2022-33238 CVE-2022-39130 CVE-2022-42772 CVE-2022-23960 CVE-2022-39106 CVE-2021-39660 CVE-2022-32594 CVE-2022-32596 CVE-2022-32597 CVE-2022-32598 CVE-2022-32619 CVE-2022-32620 CVE-2022-39131 CVE-2022-42771 CVE-2022-39132 CVE-2022-39133 CVE-2022-39134 CVE-2022-42754 CVE-2022-42755 CVE-2022-42756 CVE-2022-42770 CVE-2022-20495 CVE-2022-20488 CVE-2022-20487 CVE-2022-20484 CVE-2022-20480 CVE-2022-20479 CVE-2022-20478 CVE-2022-20240 CVE-2022-20498 CVE-2022-20469 CVE-2022-20411 CVE-2022-20496 CVE-2022-20497 CVE-2022-20471 CVE-2022-20468 CVE-2022-20483 CVE-2022-20466 CVE-2022-20501 CVE-2022-20482 CVE-2022-20449 CVE-2022-20611 CVE-2022-20491 CVE-2022-20486 CVE-2022-20485 CVE-2022-20474 CVE-2022-20470 CVE-2022-20444 CVE-2022-20442 CVE-2021-39617 CVE-2022-20473 CVE-2022-20472 CVE-2022-20502 CVE-2022-20477 CVE-2021-0934 CVE-2022-20476 CVE-2022-20500 CVE-2022-20475 |
| CWE-ID | CWE-617 CWE-125 CWE-119 CWE-823 CWE-388 CWE-121 CWE-129 CWE-835 CWE-787 CWE-1037 CWE-667 CWE-264 CWE-362 CWE-122 CWE-416 CWE-200 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #61 is available. |
| Vulnerable software Subscribe |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 73 vulnerabilities.
1) Reachable Assertion
EUVDB-ID: #VU69954
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25689
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU69963
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33268
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Bluetooth HOST when pairing and connecting A2DP. An attacker with [physical proximity to device can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable Assertion
EUVDB-ID: #VU69951
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25672
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing SIB1 with invalid Bandwidth. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Reachable Assertion
EUVDB-ID: #VU69952
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25673
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing configuration from network. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU69953
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25681
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within kernel caused by the hypervisor not correctly invalidating the processor translation caches. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU69945
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25682
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the User Identity Module when decoding command from card. A local application can trigger memory corruption and execute arbitrary code with elevated privileges. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Error Handling
EUVDB-ID: #VU69947
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25685
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the Multi-Mode Call Processor. A remote attacker can send specially crafted traffic to the device and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Reachable Assertion
EUVDB-ID: #VU69955
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25691
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing SIB1 with invalid SCS and bandwidth settings. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Stack-based buffer overflow
EUVDB-ID: #VU70012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39129
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the face detect driver. A local application can trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Reachable Assertion
EUVDB-ID: #VU69956
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25692
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing common config procedure. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper Validation of Array Index
EUVDB-ID: #VU69946
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25695
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the User Identity Module when processing GSTK Proactive commands. A local application can trigger memory corruption and execute arbitrary code with elevated privileges. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU69957
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25697
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in i2c buses when reading address configuration from i2c driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU69958
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25698
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Reachable Assertion
EUVDB-ID: #VU69959
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25702
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the Modem component when processing reconfiguration message. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU69960
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33235
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the WLAN firmware when parsing security context info attributes. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Infinite loop
EUVDB-ID: #VU69961
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33238
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the WLAN Firmware when processing an incoming FTM frames. A remote attacker can send specially crafted traffic to the device, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU70023
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39130
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the face detect driver. A local application can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds write
EUVDB-ID: #VU70022
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42772
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU65007
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23960
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper locking
EUVDB-ID: #VU70010
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39106
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking error within the serviceIn sensor driver. A local application can trigger a deadlock and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU70008
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39660
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the PowerVR-GPU component. A local application can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds write
EUVDB-ID: #VU69881
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32594
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds write
EUVDB-ID: #VU69888
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32596
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds write
EUVDB-ID: #VU69882
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32597
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds write
EUVDB-ID: #VU69883
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32598
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in widevine. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU69877
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in keyinstall. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU69889
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32620
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within mpu. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU70009
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39131
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the camera driver. A local application can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Race condition
EUVDB-ID: #VU70021
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42771
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Heap-based buffer overflow
EUVDB-ID: #VU70013
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39132
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the camera driver. A local application can trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds write
EUVDB-ID: #VU70014
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39133
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver. A local application can trigger an out-of-bounds write and crash the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Race condition
EUVDB-ID: #VU70015
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-39134
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the audio driver. A local local application can exploit the race to trigger a use-after-free and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU70016
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the npu driver. A local application can trigger a use-after-free error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds write
EUVDB-ID: #VU70017
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42755
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the wlan driver driver. A local application can trigger an out-of-bounds write and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Buffer overflow
EUVDB-ID: #VU70018
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42756
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the sensor driver. A local application can trigger memory corruption and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Race condition
EUVDB-ID: #VU70019
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42770
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the wlan driver. A local application can exploit the race and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2022-12-05
CPE2.3http://source.android.com/docs/security/bulletin/2022-12-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69998
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20495
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69997
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20488
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69996
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20487
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69995
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20484
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69994
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20480
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69993
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20479
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69992
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20478
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69991
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20240
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 12L 2022-11-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Information disclosure
EUVDB-ID: #VU69990
Risk: Medium
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20498
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within the Bluetooth component. An attacker with physical proximity to device can gain unauthorized access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Arbitrary code execution
EUVDB-ID: #VU69989
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20469
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of untrused input within the Bluetooth component. An attacker with physical proximity to device can pass specially crafted input to the system and execute arbitrary code.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Arbitrary code execution
EUVDB-ID: #VU69988
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20411
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected device.
The vulnerability exists due to insufficient validation of untrused input within the Bluetooth component. An attacker with physical proximity to device can pass specially crafted input to the system and execute arbitrary code.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Information disclosure
EUVDB-ID: #VU69987
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20496
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Android Media framework. A local application can gain unauthorized access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Information disclosure
EUVDB-ID: #VU70006
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20497
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Information disclosure
EUVDB-ID: #VU70005
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20471
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Information disclosure
EUVDB-ID: #VU70003
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20468
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Information disclosure
EUVDB-ID: #VU70002
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20483
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Information disclosure
EUVDB-ID: #VU70000
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20466
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69999
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20501
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Bluetooth component. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Input validation error
EUVDB-ID: #VU69985
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20482
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Input validation error
EUVDB-ID: #VU69980
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20449
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69978
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20611
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69977
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20491
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69976
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20486
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69975
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20485
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69974
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-20474
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
62) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69973
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20470
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69972
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20444
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 12 2022-11-05
CPE2.3- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69971
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20442
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-11-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69970
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39617
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 12L 2022-11-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Input validation error
EUVDB-ID: #VU69968
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20473
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within Android framework. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Input validation error
EUVDB-ID: #VU69967
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20472
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within Android framework. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Information disclosure
EUVDB-ID: #VU69966
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20502
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Android Runtime. A local application can gain unauthorized access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 13 - 13 2022-11-05
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69983
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20477
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 13 - 13 2022-11-05
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Input validation error
EUVDB-ID: #VU69979
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0934
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Input validation error
EUVDB-ID: #VU69984
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20476
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 12L 2022-11-05
CPE2.3- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Input validation error
EUVDB-ID: #VU69981
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20500
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of untrusted input within the Android framework. A local application can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:10:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU69982
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20475
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 11 - 13 2022-11-05
CPE2.3- cpe:2.3:o:google:android:13:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12L:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:12:2022-11-05:*:*:*:*:*:*
- cpe:2.3:o:google:android:11:2022-11-05:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
