Google Android vulnerabilities

CVE-2022-20292 [HIGH] CVE-2022-20292: In Settings, there is a possible way to bypass factory reset protections due to a logic error in the In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202975040

CVE-2022-20253 [MEDIUM] CWE-755 CVE-2022-20253: In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to r In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to remote denial of service in Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545125

CVE-2022-20278 [MEDIUM] CWE-532 CVE-2022-20278: In Accounts, there is a possible way to write sensitive information to the system log due to insuffi In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113

CVE-2022-20313 [MEDIUM] CWE-787 CVE-2022-20313: In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-192206329

CVE-2022-20260 [MEDIUM] CVE-2022-20260: In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to loca In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220865698

CVE-2022-20288 [MEDIUM] CVE-2022-20288: In AppSearchManagerService, there is a possible way to determine whether an app is installed, withou In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-

CVE-2022-20317 [MEDIUM] CVE-2022-20317: In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic erro In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190199063

CVE-2022-20299 [MEDIUM] CWE-862 CVE-2022-20299: In ContentService, there is a possible way to check if the given account exists on the device due to In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201415895

CVE-2022-20277 [MEDIUM] CWE-203 CVE-2022-20277: In DevicePolicyManager, there is a possible way to determine whether an app is installed, without qu In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID

CVE-2022-20298 [MEDIUM] CWE-862 CVE-2022-20298: In ContentService, there is a possible way to check if an account exists on the device due to a miss In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201416182

CVE-2022-20265 [MEDIUM] CVE-2022-20265: In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-212804898

CVE-2022-20304 [MEDIUM] CWE-203 CVE-2022-20304: In Content, there is a possible way to determinate the user's account due to side channel informatio In Content, there is a possible way to determinate the user's account due to side channel information disclosure. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199751919

CVE-2022-20269 [MEDIUM] CWE-787 CVE-2022-20269: In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. This could l In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-209062898

CVE-2022-20332 [MEDIUM] CVE-2022-20332: In PackageManager, there is a possible way to determine whether an app is installed, without query p In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180019130

CVE-2022-20326 [MEDIUM] CWE-862 CVE-2022-20326: In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. T In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527

CVE-2022-20273 [MEDIUM] CWE-787 CVE-2022-20273: In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-206478022

CVE-2022-20296 [MEDIUM] CWE-862 CVE-2022-20296: In ContentService, there is a possible way to check if an account exists on the device due to a miss In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-201794303

CVE-2022-20291 [MEDIUM] CWE-203 CVE-2022-20291: In AppOpsService, there is a possible way to determine whether an app is installed, without query pe In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-20

CVE-2022-20270 [MEDIUM] CVE-2022-20270: In Content, there is a possible way to learn gmail account name on the device due to a permissions b In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-209005023

CVE-2022-20259 [MEDIUM] CWE-862 CVE-2022-20259: In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This coul In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221431393