Google Android vulnerabilities

CVE-2022-20341 [MEDIUM] CWE-862 CVE-2022-20341: In ConnectivityService, there is a possible bypass of network permissions due to a missing permissio In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-162952629

CVE-2022-20275 [MEDIUM] CWE-203 CVE-2022-20275: In DevicePolicyManager, there is a possible way to determine whether an app is installed, without qu In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID

CVE-2022-20334 [MEDIUM] CWE-476 CVE-2022-20334: In Bluetooth, there are possible process crashes due to dereferencing a null pointer. This could lea In Bluetooth, there are possible process crashes due to dereferencing a null pointer. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-178800552

CVE-2022-20272 [MEDIUM] CWE-276 CVE-2022-20272: In PermissionController, there is a possible misunderstanding about the default SMS application's pe In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-207672568

CVE-2022-20293 [MEDIUM] CWE-203 CVE-2022-20293: In LauncherApps, there is a possible way to determine whether an app is installed, without query per In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-202

CVE-2022-20322 [MEDIUM] CWE-862 CVE-2022-20322: In PackageManager, there is a possible installed package disclosure due to a missing permission chec In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176993

CVE-2022-20314 [MEDIUM] CWE-20 CVE-2022-20314: In KeyChain, there is a possible spoof keychain chooser activity request due to improper input valid In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-191876118

CVE-2022-20285 [MEDIUM] CVE-2022-20285: In PackageManager, there is a possible way to determine whether an app is installed, without query p In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230868108

CVE-2022-20284 [MEDIUM] CWE-862 CVE-2022-20284: In Telephony, there is a possible information disclosure due to a missing permission check. This cou In Telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of phone accounts with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986341

CVE-2022-20256 [MEDIUM] CWE-362 CVE-2022-20256: In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead t In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821

CVE-2022-20279 [MEDIUM] CWE-203 CVE-2022-20279: In DevicePolicyManager, there is a possible way to determine whether an app is installed, without qu In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID

CVE-2022-20266 [MEDIUM] CWE-20 CVE-2022-20266: In Companion, there is a possible way to keep a service running with elevated importance without sho In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Andr

CVE-2022-20303 [MEDIUM] CWE-862 CVE-2022-20303: In ContentService, there is a possible way to determine if an account is on the device without GET_A In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200573021

CVE-2022-20301 [MEDIUM] CWE-862 CVE-2022-20301: In Content, there is a possible way to check if an account exists on the device due to a missing per In Content, there is a possible way to check if an account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200956614

CVE-2022-20323 [MEDIUM] CWE-862 CVE-2022-20323: In PackageManager, there is a possible package installation disclosure due to a missing permission c In PackageManager, there is a possible package installation disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187176203

CVE-2022-20263 [MEDIUM] CWE-862 CVE-2022-20263: In ActivityManager, there is a way to read process state for other users due to a missing permission In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217935264

CVE-2022-20290 [MEDIUM] CVE-2022-20290: In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. Th In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-203549963

CVE-2022-20289 [MEDIUM] CVE-2022-20289: In PackageInstaller, there is a possible way to determine whether an app is installed, without query In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2036839

CVE-2022-20306 [MEDIUM] CWE-416 CVE-2022-20306: In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could le In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794

CVE-2022-20312 [MEDIUM] CWE-862 CVE-2022-20312: In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to mis In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. This could lead to local information disclosure without additional execution privileges needed. User interaction is not needed forexploitationProduct: AndroidVersions: Android-13Android ID: A-192244925