Google Android vulnerabilities

CVE-2023-21419 [HIGH] CWE-287 CVE-2023-21419: An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.

CVE-2023-20615 [MEDIUM] CWE-787 CVE-2023-20615: In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629572; Issue ID: ALPS07629572.

CVE-2023-20611 [MEDIUM] CWE-662 CVE-2023-20611: In gpu, there is a possible use after free due to a race condition. This could lead to local escalat In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678.

CVE-2023-20602 [MEDIUM] CWE-190 CVE-2023-20602: In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107.

CVE-2023-20614 [MEDIUM] CWE-787 CVE-2023-20614: In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615.

CVE-2023-20610 [MEDIUM] CWE-662 CVE-2023-20610: In display drm, there is a possible memory corruption due to a race condition. This could lead to lo In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469.

CVE-2023-20613 [MEDIUM] CWE-20 CVE-2023-20613: In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614.

CVE-2023-20619 [MEDIUM] CWE-667 CVE-2023-20619: In vcu, there is a possible memory corruption due to improper locking. This could lead to local esca In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.

CVE-2023-20612 [MEDIUM] CWE-20 CVE-2023-20612: In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571.

CVE-2023-20608 [MEDIUM] CWE-416 CVE-2023-20608: In display drm, there is a possible use after free due to a race condition. This could lead to local In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363599; Issue ID: ALPS07363599.

CVE-2023-20616 [MEDIUM] CWE-843 CVE-2023-20616: In ion, there is a possible out of bounds read due to type confusion. This could lead to local escal In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.

CVE-2023-20607 [MEDIUM] CWE-662 CVE-2023-20607: In ccu, there is a possible memory corruption due to a race condition. This could lead to local esca In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839.

CVE-2023-20609 [MEDIUM] CWE-125 CVE-2023-20609: In ccu, there is a possible out of bounds read due to a logic error. This could lead to local inform In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864.

CVE-2023-20604 [MEDIUM] CWE-787 CVE-2023-20604: In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494067; Issue ID: ALPS07494067.

CVE-2023-20605 [MEDIUM] CWE-119 CVE-2023-20605: In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104.

CVE-2022-32595 [MEDIUM] CWE-125 CVE-2022-32595: In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lea In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.

CVE-2022-32642 [MEDIUM] CWE-662 CVE-2022-32642: In ccd, there is a possible memory corruption due to a race condition. This could lead to local esca In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547.

CVE-2023-20606 [MEDIUM] CWE-20 CVE-2023-20606: In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104.

CVE-2022-32643 [MEDIUM] CWE-662 CVE-2022-32643: In ccd, there is a possible use after free due to a race condition. This could lead to local escalat In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261.

CVE-2023-20618 [MEDIUM] CWE-667 CVE-2023-20618: In vcu, there is a possible memory corruption due to improper locking. This could lead to local esca In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184.