Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown
CRITICAL: 883 | HIGH: 5184 | MEDIUM: 3317 | LOW: 260 | UNKNOWN: 2
Vulnerabilities
CVE-2022-42535 | MEDIUM | CVSS 5.5 | CWE-89 | v13.0 | vAndroid-13 | 2022-12-16
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-224770183
nvd
CVE-2022-20504 | MEDIUM | CVSS 6.7 | CWE-862 | v13.0 | vAndroid-13 | 2022-12-16
In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-225878553
nvd
CVE-2022-20509 | MEDIUM | CVSS 6.7 | CWE-787 | v13.0 | vAndroid-13 | 2022-12-16
In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-244713317
nvd
CVE-2022-20513 | MEDIUM | CVSS 5.5 | CWE-125 | v13.0 | vAndroid-13 | 2022-12-16
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-244569759
nvd
CVE-2022-20518 | MEDIUM | CVSS 5.5 | CWE-89 | v13.0 | vAndroid-13 | 2022-12-16
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-224770203
nvd
CVE-2022-42542 | MEDIUM | CVSS 6.7 | CWE-787 | v13.0 | vAndroid-13 | 2022-12-16
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-231445184
nvd
CVE-2022-20515 | MEDIUM | CVSS 5.5 | CWE-610 | v13.0 | vAndroid-13 | 2022-12-16
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A
nvd
CVE-2022-20510 | MEDIUM | CVSS 5.5 | CWE-862 | v13.0 | vAndroid-13 | 2022-12-16
In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Androi
nvd
CVE-2022-20531 | MEDIUM | CVSS 5.5 | v14 | 2022-12-16
In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2022-20555 | MEDIUM | CVSS 4.4 | CWE-125 | v13.0 | vAndroid-13 | 2022-12-16
In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-246194233
nvd
CVE-2022-20554 | MEDIUM | CVSS 6.7 | CWE-416 | v13.0 | vAndroid-13 | 2022-12-16
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-245770596
nvd
CVE-2022-20505 | MEDIUM | CVSS 6.7 | CWE-22 | v13.0 | vAndroid-13 | 2022-12-16
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-225981754
nvd
CVE-2022-20521 | MEDIUM | CVSS 5.0 | CWE-476 | v13.0 | vAndroid-13 | 2022-12-16
In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-227203684
nvd
CVE-2022-20539 | MEDIUM | CVSS 6.7 | CWE-787 | v13.0 | vAndroid-13 | 2022-12-16
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-237291425
nvd
CVE-2022-20514 | MEDIUM | CVSS 6.7 | CWE-416 | v13.0 | vAndroid-13 | 2022-12-16
In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions
nvd
CVE-2022-20530 | MEDIUM | CVSS 5.3 | CWE-451 | v13.0 | vAndroid-13 | 2022-12-16
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-231585645
nvd
CVE-2022-20552 | MEDIUM | CVSS 5.5 | CWE-416 | v13.0 | vAndroid-13 | 2022-12-16
In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-243922806
nvd
CVE-2022-20538 | MEDIUM | CVSS 5.5 | CWE-203 | v13.0 | vAndroid-13 | 2022-12-16
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: And
nvd
CVE-2022-20553 | MEDIUM | CVSS 6.5 | CWE-1021 | v13.0 | vAndroid-13 | 2022-12-16
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-244155265
nvd
CVE-2022-20523 | MEDIUM | CVSS 5.5 | CWE-125 | v13.0 | vAndroid-13 | 2022-12-16
In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android; Versions: Android-13; Android ID: A-228222508
nvd