Google Android vulnerabilities

CVE-2022-39113 [MEDIUM] CWE-862 CVE-2022-39113: In Music service, there is a missing permission check. This could lead to local denial of service in In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-39114 [MEDIUM] CWE-862 CVE-2022-39114: In Music service, there is a missing permission check. This could lead to local denial of service in In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-39117 [MEDIUM] CWE-862 CVE-2022-39117: In messaging service, there is a missing permission check. This could lead to local information disc In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2022-39112 [MEDIUM] CWE-862 CVE-2022-39112: In Music service, there is a missing permission check. This could lead to local denial of service in In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-38677 [MEDIUM] CWE-400 CVE-2022-38677: In cell service, there is a missing permission check. This could lead to local denial of service in In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed.

CVE-2022-38689 [MEDIUM] CWE-200 CVE-2022-38689: In telephony service, there is a missing permission check. This could lead to local information disc In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2022-39115 [MEDIUM] CWE-862 CVE-2022-39115: In Music service, there is a missing permission check. This could lead to local denial of service in In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-39125 [MEDIUM] CWE-400 CVE-2022-39125: In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-38688 [MEDIUM] CWE-200 CVE-2022-38688: In telephony service, there is a missing permission check. This could lead to local information disc In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2022-39103 [MEDIUM] CWE-862 CVE-2022-39103: In Gallery service, there is a missing permission check. This could lead to local denial of service In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed.

CVE-2022-20419 [HIGH] CVE-2022-20419: In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-237290578

CVE-2022-20429 [HIGH] CVE-2022-20429: In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220741473

CVE-2022-20417 [HIGH] CWE-787 CVE-2022-20417: In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrec In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237288416

CVE-2022-20410 [HIGH] CWE-125 CVE-2022-20410: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an in In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID:

CVE-2022-20420 [HIGH] CVE-2022-20420: In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android

CVE-2022-20418 [HIGH] CWE-125 CVE-2022-20418: In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-231986464

CVE-2022-20416 [HIGH] CWE-787 CVE-2022-20416: In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrec In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237717857

CVE-2022-20415 [HIGH] CVE-2022-20415: In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass o In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A

CVE-2022-20413 [MEDIUM] CVE-2022-20413: In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235850634

CVE-2022-20412 [MEDIUM] CWE-125 CVE-2022-20412: In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. T In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230794395