Google Android vulnerabilities

CVE-2022-22089 [HIGH] CVE-2022-22089: Closed-source component Android Security Bulletin 2022-09-01 CVE: CVE-2022-22089 Severity: HIGH Component: Closed-source component References: A-235102568*

CVE-2022-25656 [HIGH] CVE-2022-25656: Kernel Android Security Bulletin 2022-09-01 CVE: CVE-2022-25656 Severity: HIGH Component: Kernel References: A-228101796 QC-CR#3119439 [2] QC-CR#2998082 [2]

CVE-2022-20387 [CRITICAL] CVE-2022-20387: Android Android Security Bulletin 2022-09-01 CVE: CVE-2022-20387 Severity: HIGH Component: Android References: A-238227324 U-1872920*

CVE-2022-20308 [HIGH] CVE-2022-20308: In hostapd, there is a possible insecure configuration due to an insecure default value. This could In hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-197874458

CVE-2022-20254 [HIGH] CVE-2022-20254: In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the g In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547

CVE-2022-20281 [HIGH] CWE-862 CVE-2022-20281: In Core, there is a possible way to start an activity from the background due to a missing permissio In Core, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204083967

CVE-2022-20329 [HIGH] CWE-862 CVE-2022-20329: In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission chec In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-183410556

CVE-2022-20302 [HIGH] CVE-2022-20302: In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. Th In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200746457

CVE-2022-20271 [HIGH] CVE-2022-20271: In PermissionController, there is a possible way to grant some permissions without user consent due In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672635

CVE-2022-20325 [HIGH] CWE-416 CVE-2022-20325: In Media, there is a possible code execution due to a use after free. This could lead to local escal In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-186473060

CVE-2022-20268 [HIGH] CVE-2022-20268: In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to sys In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could lead to local escalation of privilege on an enterprise managed device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID

CVE-2022-20297 [HIGH] CVE-2022-20297: In Settings, there is a possible way to bypass factory reset protections due to a logic error in the In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201561699

CVE-2022-20258 [HIGH] CVE-2022-20258: In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221893030

CVE-2022-20274 [HIGH] CWE-862 CVE-2022-20274: In Keyguard, there is a missing permission check. This could lead to local escalation of privilege a In Keyguard, there is a missing permission check. This could lead to local escalation of privilege and prevention of screen timeout with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-206470146

CVE-2022-20319 [HIGH] CWE-610 CVE-2022-20319: In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189574230

CVE-2022-20362 [HIGH] CWE-190 CVE-2022-20362: In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230756082

CVE-2022-20331 [HIGH] CWE-1021 CVE-2022-20331: In the Framework, there is a possible way to enable a work profile without user consent due to a tap In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181785557

CVE-2022-20282 [HIGH] CWE-862 CVE-2022-20282: In AppWidget, there is a possible way to start an activity from the background due to a missing perm In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204083104

CVE-2022-20286 [HIGH] CVE-2022-20286: In Connectivity, there is a possible bypass the restriction of starting activity from background due In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230866011

CVE-2022-20283 [HIGH] CWE-190 CVE-2022-20283: In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233069336