Google Android vulnerabilities

CVE-2022-20473 [CRITICAL] CWE-125 CVE-2022-20473: In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2392

CVE-2022-20472 [CRITICAL] CWE-125 CVE-2022-20472: In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2392

CVE-2022-20487 [HIGH] CWE-770 CVE-2022-20487: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-1

CVE-2022-20484 [HIGH] CWE-770 CVE-2022-20484: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-1

CVE-2022-20474 [HIGH] CWE-276 CVE-2022-20474: In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Setti In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L And

CVE-2022-20611 [HIGH] CWE-276 CVE-2022-20611: In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass car In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 An

CVE-2022-20486 [HIGH] CWE-770 CVE-2022-20486: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-1

CVE-2022-20470 [HIGH] CWE-20 CVE-2022-20470: In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12

CVE-2022-20469 [HIGH] CWE-787 CVE-2022-20469: In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing b In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-1

CVE-2022-20411 [HIGH] CWE-787 CVE-2022-20411: In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds ch In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-2

CVE-2022-20483 [HIGH] CWE-191 CVE-2022-20483: In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possib In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12

CVE-2022-20479 [HIGH] CWE-770 CVE-2022-20479: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-1

CVE-2022-20491 [HIGH] CWE-1284 CVE-2022-20491: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-

CVE-2022-20501 [HIGH] CWE-1021 CVE-2022-20501: In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user int In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11

CVE-2022-20488 [HIGH] CWE-1284 CVE-2022-20488: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-

CVE-2022-20495 [HIGH] CWE-276 CVE-2022-20495: In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 An

CVE-2022-20478 [HIGH] CWE-770 CVE-2022-20478: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-1

CVE-2022-20477 [HIGH] CWE-783 CVE-2022-20477: In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to s In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A

CVE-2022-20480 [HIGH] CWE-770 CVE-2022-20480: In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissio In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-1

CVE-2022-20475 [HIGH] CWE-276 CVE-2022-20475: In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTask In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L And