Google Android vulnerabilities

CVE-2022-25705 [HIGH] CVE-2022-25705: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-25705 Severity: HIGH Component: Closed-source component References: A-235102507 *

CVE-2022-25709 [HIGH] CVE-2022-25709: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-25709 Severity: HIGH Component: Closed-source component References: A-235102420 *

CVE-2022-40530 [HIGH] CVE-2022-40530: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-40530 Severity: HIGH Component: Closed-source component References: A-261471028 *

CVE-2022-22075 [MEDIUM] CVE-2022-22075: Display Android Security Bulletin 2023-03-01 CVE: CVE-2022-22075 Severity: HIGH Component: Display References: A-193434313 QC-CR#3129138 QC-CR#3112398 [2] [3]

CVE-2022-33242 [HIGH] CVE-2022-33242: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-33242 Severity: HIGH Component: Closed-source component References: A-245402503 *

CVE-2022-25655 [HIGH] CVE-2022-25655: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-25655 Severity: HIGH Component: Closed-source component References: A-261469326 *

CVE-2022-40535 [HIGH] CVE-2022-40535: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-40535 Severity: HIGH Component: Closed-source component References: A-261470732 *

CVE-2022-40527 [HIGH] CVE-2022-40527: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-40527 Severity: HIGH Component: Closed-source component References: A-261470448 *

CVE-2022-40540 [HIGH] CVE-2022-40540: Kernel Android Security Bulletin 2023-03-01 CVE: CVE-2022-40540 Severity: HIGH Component: Kernel References: A-261470730 QC-CR#3280498

CVE-2022-33272 [HIGH] CVE-2022-33272: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-33272 Severity: HIGH Component: Closed-source component References: A-245403311 *

CVE-2022-40515 [HIGH] CVE-2022-40515: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-40515 Severity: HIGH Component: Closed-source component References: A-261469638 *

CVE-2022-33254 [HIGH] CVE-2022-33254: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-33254 Severity: HIGH Component: Closed-source component References: A-245403473 *

CVE-2022-25694 [HIGH] CVE-2022-25694: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-25694 Severity: HIGH Component: Closed-source component References: A-235102547 *

CVE-2022-40531 [HIGH] CVE-2022-40531: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-40531 Severity: HIGH Component: Closed-source component References: A-261469091 *

CVE-2022-4452 [HIGH] CVE-2022-4452: Android Security Bulletin 2023-03-01 CVE: CVE-2022-4452 Severity: HIGH Type: ID Affected AOSP versions: 13 References: A-251802307 Android Security Bulletin 2023-03-01 CVE: CVE-2022-4452 Severity: HIGH Type: ID Affected AOSP versions: 13 References: A-251802307

CVE-2022-33309 [HIGH] CVE-2022-33309: Closed-source component Android Security Bulletin 2023-03-01 CVE: CVE-2022-33309 Severity: HIGH Component: Closed-source component References: A-261468683 *

CVE-2023-20946 [CRITICAL] CVE-2023-20946: In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-1

CVE-2023-20940 [HIGH] CWE-347 CVE-2023-20940: In the Android operating system, there is a possible way to replace a boot partition due to improper In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041

CVE-2023-20948 [HIGH] CWE-125 CVE-2023-20948: In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526

CVE-2023-20944 [HIGH] CWE-502 CVE-2023-20944: In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsa In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android