Google Android vulnerabilities

CVE-2022-26455 [MEDIUM] CWE-787 CVE-2022-26455: In gz, there is a possible memory corruption due to incorrect error handling. This could lead to loc In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177858; Issue ID: ALPS07177858.

CVE-2022-26456 [MEDIUM] CWE-59 CVE-2022-26456: In vow, there is a possible information disclosure due to a symbolic link following. This could lead In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545473; Issue ID: ALPS06545473.

CVE-2022-26457 [MEDIUM] CWE-787 CVE-2022-26457: In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138490; Issue ID: ALPS07138490.

CVE-2022-26448 [MEDIUM] CWE-787 CVE-2022-26448: In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07063849; Issue ID: ALPS07063849.

CVE-2022-26468 [MEDIUM] CWE-787 CVE-2022-26468: In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This coul In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07168125; Issue ID: ALPS07168125.

CVE-2022-25708 [CRITICAL] CVE-2022-25708: Closed-source component Android Security Bulletin 2022-09-01 CVE: CVE-2022-25708 Severity: CRITICAL Component: Closed-source component References: A-235102756*

CVE-2022-20386 [CRITICAL] CVE-2022-20386: Android Android Security Bulletin 2022-09-01 CVE: CVE-2022-20386 Severity: HIGH Component: Android References: A-238227328 U-1903099*

CVE-2022-25696 [HIGH] CVE-2022-25696: Closed-source component Android Security Bulletin 2022-09-01 CVE: CVE-2022-25696 Severity: HIGH Component: Closed-source component References: A-235102900*

CVE-2022-20385 [CRITICAL] CVE-2022-20385: kernel Android Security Bulletin 2022-09-01 CVE: CVE-2022-20385 Severity: HIGH Component: kernel References: A-238379819 U-1903041*

CVE-2022-22822 [CRITICAL] CVE-2022-22822: Android Security Bulletin 2022-09-01 CVE: CVE-2022-22822 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11, 12, 12L References: A-219942275 Android Security Bulletin 2022-09-01 CVE: CVE-2022-22822 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11, 12, 12L References: A-219942275

CVE-2022-22066 [HIGH] CVE-2022-22066: Closed-source component Android Security Bulletin 2022-09-01 CVE: CVE-2022-22066 Severity: HIGH Component: Closed-source component References: A-223209292*

CVE-2022-29582 [HIGH] CVE-2022-29582: fs Android Security Bulletin 2022-09-01 CVE: CVE-2022-29582 Severity: HIGH Type: EoP Component: fs References: A-231494876 Upstream kernel

CVE-2022-20399 [MEDIUM] CVE-2022-20399: SELinux Android Security Bulletin 2022-09-01 CVE: CVE-2022-20399 Severity: HIGH Type: ID Component: SELinux References: A-219808546 Upstream kernel

CVE-2022-22074 [HIGH] CVE-2022-22074: Closed-source component Android Security Bulletin 2022-09-01 CVE: CVE-2022-22074 Severity: HIGH Component: Closed-source component References: A-235102567*

CVE-2022-20390 [CRITICAL] CVE-2022-20390: Android Android Security Bulletin 2022-09-01 CVE: CVE-2022-20390 Severity: HIGH Component: Android References: A-238257002 U-1872920*

CVE-2021-4083 [HIGH] CVE-2021-4083: Kernel Android Security Bulletin 2022-09-01 CVE: CVE-2021-4083 Severity: HIGH Type: EoP Component: Kernel References: A-216408350 Upstream kernel

CVE-2022-22094 [HIGH] CVE-2022-22094: Closed-source component Android Security Bulletin 2022-09-01 CVE: CVE-2022-22094 Severity: HIGH Component: Closed-source component References: A-223210036*

CVE-2022-25706 [HIGH] CVE-2022-25706: Bluetooth Android Security Bulletin 2022-09-01 CVE: CVE-2022-25706 Severity: HIGH Component: Bluetooth References: A-235102901 QC-CR#3155132

CVE-2022-25688 [HIGH] CVE-2022-25688: Closed-source component Android Security Bulletin 2022-09-01 CVE: CVE-2022-25688 Severity: HIGH Component: Closed-source component References: A-235102421*

CVE-2022-23990 [HIGH] CVE-2022-23990: Android Security Bulletin 2022-09-01 CVE: CVE-2022-23990 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11, 12, 12L References: A-221256678 Android Security Bulletin 2022-09-01 CVE: CVE-2022-23990 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11, 12, 12L References: A-221256678