Google Android vulnerabilities

CVE-2022-20436 [HIGH] CVE-2022-20436: Android Android Security Bulletin 2022-10-01 CVE: CVE-2022-20436 Severity: HIGH Component: Android References: A-242248369 U-1901996 *

CVE-2022-20438 [MEDIUM] CVE-2022-20438: Android Android Security Bulletin 2022-10-01 CVE: CVE-2022-20438 Severity: HIGH Component: Android References: A-242259920 U-1916307 *

CVE-2022-20434 [HIGH] CVE-2022-20434: Telephony Android Security Bulletin 2022-10-01 CVE: CVE-2022-20434 Severity: HIGH Component: Telephony References: A-242244028 U-1882896 *

CVE-2022-20431 [HIGH] CVE-2022-20431: Telephony Android Security Bulletin 2022-10-01 CVE: CVE-2022-20431 Severity: HIGH Component: Telephony References: A-242221238 U-1882896 *

CVE-2022-25660 [HIGH] CVE-2022-25660: Closed-source component Android Security Bulletin 2022-10-01 CVE: CVE-2022-25660 Severity: HIGH Component: Closed-source component References: A-228101818 *

CVE-2022-20432 [HIGH] CVE-2022-20432: Telephony Android Security Bulletin 2022-10-01 CVE: CVE-2022-20432 Severity: HIGH Component: Telephony References: A-242221899 U-1882896 *

CVE-2021-39673 [HIGH] CVE-2021-39673: Android Security Bulletin 2022-10-01 CVE: CVE-2021-39673 Severity: HIGH Type: ID Affected AOSP versions: 13 References: A-195410559 [2] Android Security Bulletin 2022-10-01 CVE: CVE-2021-39673 Severity: HIGH Type: ID Affected AOSP versions: 13 References: A-195410559 [2]

CVE-2022-22077 [HIGH] CVE-2022-22077: Kernel Android Security Bulletin 2022-10-01 CVE: CVE-2022-22077 Severity: HIGH Component: Kernel References: A-238108281 QC-CR#3155201

CVE-2021-0699 [HIGH] CVE-2021-0699: PowerVR-GPU Android Security Bulletin 2022-10-01 CVE: CVE-2021-0699 Severity: HIGH Component: PowerVR-GPU References: A-242345178 *

CVE-2022-25723 [HIGH] CVE-2022-25723: Kernel Android Security Bulletin 2022-10-01 CVE: CVE-2022-25723 Severity: HIGH Component: Kernel References: A-238108282 QC-CR#3072203

CVE-2022-20422 [HIGH] CVE-2022-20422: armv8 emulation Android Security Bulletin 2022-10-01 CVE: CVE-2022-20422 Severity: HIGH Type: EoP Component: armv8 emulation References: A-237540956 Upstream kernel

CVE-2022-20437 [MEDIUM] CVE-2022-20437: Android Android Security Bulletin 2022-10-01 CVE: CVE-2022-20437 Severity: HIGH Component: Android References: A-242258929 U-1916307 *

CVE-2022-20439 [MEDIUM] CVE-2022-20439: Android Android Security Bulletin 2022-10-01 CVE: CVE-2022-20439 Severity: HIGH Component: Android References: A-242266172 U-1916307 *

CVE-2021-0696 [HIGH] CVE-2021-0696: PowerVR-GPU Android Security Bulletin 2022-10-01 CVE: CVE-2021-0696 Severity: HIGH Component: PowerVR-GPU References: A-242344778 *

CVE-2022-20409 [MEDIUM] CVE-2022-20409: io_uring Android Security Bulletin 2022-10-01 CVE: CVE-2022-20409 Severity: MEDIUM Type: EoP Component: io_uring References: A-238177383 Upstream kernel

CVE-2022-20392 [HIGH] CWE-20 CVE-2022-20392: In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dan In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.P

CVE-2022-20395 [HIGH] CWE-22 CVE-2022-20395: In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal erro In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295

CVE-2022-20398 [HIGH] CWE-732 CVE-2022-20398: In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734

CVE-2022-20393 [MEDIUM] CWE-191 CVE-2022-20393: In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LA

CVE-2022-20396 [MEDIUM] CWE-345 CVE-2022-20396: In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, with In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L And