Google Android vulnerabilities

CVE-2022-32602 [MEDIUM] CWE-125 CVE-2022-32602: In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; Issue ID: ALPS07388790.

CVE-2022-32603 [MEDIUM] CWE-787 CVE-2022-32603: In gpu drm, there is a possible out of bounds write due to improper input validation. This could lea In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704.

CVE-2022-20426 [MEDIUM] CWE-754 CVE-2022-20426: In multiple functions of many files, there is a possible obstruction of the user's ability to select In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-

CVE-2022-20453 [MEDIUM] CWE-22 CVE-2022-20453: In update of MmsProvider.java, there is a possible constriction of directory permissions due to a pa In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android

CVE-2022-32611 [MEDIUM] CWE-787 CVE-2022-32611: In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373.

CVE-2022-20457 [MEDIUM] CWE-20 CVE-2022-20457: In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package ins In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243924784

CVE-2022-32607 [MEDIUM] CWE-416 CVE-2022-32607: In aee, there is a possible use after free due to a missing bounds check. This could lead to local e In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891.

CVE-2022-32615 [MEDIUM] CWE-908 CVE-2022-32615: In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS07326559.

CVE-2022-20465 [MEDIUM] CWE-276 CVE-2022-20465: In dismiss and related functions of KeyguardHostViewController.java and related files, there is a po In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11

CVE-2022-32613 [MEDIUM] CWE-362 CVE-2022-32613: In vcu, there is a possible memory corruption due to a race condition. This could lead to local esca In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340.

CVE-2022-32609 [MEDIUM] CWE-662 CVE-2022-32609: In vcu, there is a possible use after free due to a race condition. This could lead to local escalat In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410.

CVE-2022-32618 [MEDIUM] CWE-131 CVE-2022-32618: In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. Th In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454.

CVE-2022-32610 [MEDIUM] CWE-662 CVE-2022-32610: In vcu, there is a possible use after free due to a race condition. This could lead to local escalat In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476.

CVE-2022-32612 [MEDIUM] CWE-362 CVE-2022-32612: In vcu, there is a possible use after free due to a race condition. This could lead to local escalat In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.

CVE-2022-20446 [LOW] CWE-862 CVE-2022-20446: In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the mi In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-

CVE-2021-35122 [CRITICAL] CVE-2021-35122: Closed-source component Android Security Bulletin 2022-11-01 CVE: CVE-2021-35122 Severity: CRITICAL Component: Closed-source component References: A-213239915 *

CVE-2022-33239 [HIGH] CVE-2022-33239: Closed-source component Android Security Bulletin 2022-11-01 CVE: CVE-2022-33239 Severity: HIGH Component: Closed-source component References: A-240982982 *

CVE-2022-33237 [HIGH] CVE-2022-33237: Closed-source component Android Security Bulletin 2022-11-01 CVE: CVE-2022-33237 Severity: HIGH Component: Closed-source component References: A-240972236 *

CVE-2022-25724 [HIGH] CVE-2022-25724: Display Android Security Bulletin 2022-11-01 CVE: CVE-2022-25724 Severity: HIGH Component: Display References: A-238106223 QC-CR#3090325 [2] [3]

CVE-2022-25671 [HIGH] CVE-2022-25671: Closed-source component Android Security Bulletin 2022-11-01 CVE: CVE-2022-25671 Severity: HIGH Component: Closed-source component References: A-231156429 *