Google Android vulnerabilities

CVE-2023-20945 [HIGH] CWE-787 CVE-2023-20945: In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269

CVE-2023-20933 [HIGH] CWE-416 CVE-2023-20933: In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860

CVE-2023-20934 [HIGH] CVE-2023-20934: In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the micropho In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android

CVE-2023-20943 [HIGH] CWE-22 CVE-2023-20943: In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-1

CVE-2023-20939 [HIGH] CWE-667 CVE-2023-20939: In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981

CVE-2022-20455 [MEDIUM] CWE-400 CVE-2022-20455: In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due t In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android

CVE-2022-20481 [MEDIUM] CVE-2022-20481: In multiple files, there is a possible way to preserve WiFi settings due to residual data after a re In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115

CVE-2022-20551 [MEDIUM] CVE-2022-20551: In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indica In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549

CVE-2023-20932 [LOW] CWE-20 CVE-2023-20932: In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Andr

CVE-2023-20927 [HIGH] CWE-284 CVE-2023-20927: In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503

CVE-2022-47361 [HIGH] CWE-862 CVE-2022-47361: In firewall service, there is a missing permission check. This could lead to local escalation of pri In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

CVE-2022-47331 [MEDIUM] CWE-362 CVE-2022-47331: In wlan driver, there is a race condition. This could lead to local denial of service in wlan servic In wlan driver, there is a race condition. This could lead to local denial of service in wlan services.

CVE-2022-47360 [MEDIUM] CWE-476 CVE-2022-47360: In log service, there is a missing permission check. This could lead to local denial of service in l In log service, there is a missing permission check. This could lead to local denial of service in log service.

CVE-2022-47329 [MEDIUM] CWE-862 CVE-2022-47329: In wlan driver, there is a possible missing permission check. This could lead to local information d In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.

CVE-2022-47364 [MEDIUM] CWE-787 CVE-2022-47364: In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could le In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.

CVE-2022-47342 [MEDIUM] CWE-129 CVE-2022-47342: In engineermode services, there is a missing permission check. This could lead to local denial of se In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.

CVE-2022-38674 [MEDIUM] CWE-190 CVE-2022-38674: In wlan driver, there is a possible missing params check. This could lead to local denial of service In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

CVE-2022-47358 [MEDIUM] CWE-862 CVE-2022-47358: In log service, there is a missing permission check. This could lead to local denial of service in l In log service, there is a missing permission check. This could lead to local denial of service in log service.

CVE-2022-47341 [MEDIUM] CWE-862 CVE-2022-47341: In engineermode services, there is a missing permission check. This could lead to local escalation o In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

CVE-2022-47451 [MEDIUM] CWE-190 CVE-2022-47451: In wlan driver, there is a possible missing params check. This could lead to local denial of service In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.