Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 28 |
| CVE-ID | CVE-2022-20236 CVE-2022-25659 CVE-2022-25658 CVE-2022-25657 CVE-2022-22058 CVE-2022-22096 CVE-2022-20238 CVE-2022-20217 CVE-2022-20227 CVE-2022-20216 CVE-2022-21764 CVE-2022-21763 CVE-2022-21768 CVE-2022-21767 CVE-2022-21744 CVE-2022-20083 CVE-2022-20220 CVE-2022-20219 CVE-2022-20228 CVE-2022-20222 CVE-2022-20229 CVE-2021-0981 CVE-2022-20223 CVE-2022-20226 CVE-2022-20221 CVE-2022-20224 CVE-2022-20225 CVE-2022-20230 |
| CWE-ID | CWE-264 CWE-119 CWE-822 CWE-416 CWE-121 CWE-125 CWE-284 CWE-122 CWE-787 CWE-200 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 28 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65072
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20236
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Unisoc gpu component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3 External linkshttps://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU64977
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-25659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing video files. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Untrusted Pointer Dereference
EUVDB-ID: #VU64976
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-25658
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing video files. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU64974
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-25657
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .mkv files. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU64973
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22058
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in kernel while processing ION handles. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stack-based buffer overflow
EUVDB-ID: #VU64971
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22096
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Bluetooth HOST. An attacker with physical proximity to device can send specially crafted data to trigger stack-based buffer overflow and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65073
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20238
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Unisoc kernel component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65071
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20217
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Unisoc Telephony component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU65069
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20227
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in USB implementation in OS kernel. A malicious application can read potentially sensitive information from kernel memory.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65070
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20216
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Unisoc Telephony component. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper access control
EUVDB-ID: #VU65028
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21764
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper access control
EUVDB-ID: #VU65027
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21763
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in telecom service. A local application can obtain potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Heap-based buffer overflow
EUVDB-ID: #VU65032
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21768
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Heap-based buffer overflow
EUVDB-ID: #VU65031
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21767
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A remote attacker with physical proximity to device can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds write
EUVDB-ID: #VU65029
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-21744
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Modem 2G RR when decoding GPRS Packet Neighbour Cell Data (PNCD). A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds write
EUVDB-ID: #VU65030
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-20083
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in Modem 2G/3G CC when decoding combined FACILITY. A remote attacker can send specially crafted packets to the device, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65068
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20220
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to Android Framework does not properly impose security restrictions and allows file operations outside the Call Composer directory. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12L - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#2022-07-05-security-patch-level-vulnerability-details
https://android.googlesource.com/platform/packages/providers/ContactsProvider/+/0aba93d7d0a92a277f540fec7d5b04b2850fa184
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information disclosure
EUVDB-ID: #VU65057
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20219
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android Framework. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information disclosure
EUVDB-ID: #VU65058
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20228
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android Framework. A local application can gain unauthorized access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12L - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU65060
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-20222
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an unspecified error in Android System. A remote attacker can trick the victim into opening a specially crafted input and execute arbitrary code on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 12L - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU65062
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-20229
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an unspecified error in Android System. A remote attacker can trick the victim into opening a specially crafted input and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0981
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in Android System. A local application can trigger the vulnerability and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 11
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65081
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20223
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in Android System. A local application can trigger the vulnerability and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU65083
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20226
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to unspecified error in Android System. A local application can trigger the vulnerability and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 12L - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Information disclosure
EUVDB-ID: #VU65084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20221
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android System. A local application can gain unauthorized access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Information disclosure
EUVDB-ID: #VU65087
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20224
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android System. A local application can gain unauthorized access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Information disclosure
EUVDB-ID: #VU65088
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20225
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android System. A local application can gain unauthorized access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Information disclosure
EUVDB-ID: #VU65090
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20230
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in Android System. A local application can gain unauthorized access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Android: 10 2020-12-05 - 12
CPE2.3https://source.android.com/security/bulletin/2022-07-01#details-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
