Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2

Vulnerabilities

Page 186 of 483
CVE-2022-20243 | MEDIUM | CVSS 4.4 | v13.0.0, vAndroid-13 | 2022-08-11
CVE-2022-20243 [MEDIUM] CWE-319: In Core Utilities, there is a possible log information disclosure. This could lead to local information disclosure of sensitive browsing data with System execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-13 | Android ID: A-190199986
nvd
CVE-2022-20242 | MEDIUM | CVSS 5.5 | v13.0.0, vAndroid-13 | 2022-08-11
CVE-2022-20242 [MEDIUM] CWE-203: In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-13 | Android ID: A-231986
nvd
CVE-2022-20251 | LOW | CVSS 3.3 | v13.0.0, vAndroid-13 | 2022-08-11
CVE-2022-20251 [LOW] CWE-203: In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-13 | Android ID: A-22588
nvd
CVE-2022-20249 | LOW | CVSS 3.3 | v13.0.0, vAndroid-13 | 2022-08-11
CVE-2022-20249 [LOW] CWE-203: In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-13 | Android ID: A-22690
nvd
CVE-2022-20241 | LOW | CVSS 3.3 | v13.0.0, vAndroid-13 | 2022-08-11
CVE-2022-20241 [LOW] CWE-20: In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-13 | Android ID: A-217185011
nvd
CVE-2022-20252 | LOW | CVSS 3.3 | v13.0.0, vAndroid-13 | 2022-08-11
CVE-2022-20252 [LOW] CWE-203: In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-13 | Android ID: A-2245
nvd
CVE-2022-20245 | LOW | CVSS 2.4 | v13.0.0, vAndroid-13 | 2022-08-11
CVE-2022-20245 [LOW]: In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android | Versions: Android-13 | Android ID: A-215005011
nvd
CVE-2022-20361 | CRITICAL | CVSS 9.8 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20361 [CRITICAL] CWE-269: In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-10 Android-11 Android-
nvd, android
CVE-2021-39696 | HIGH | CVSS 7.8 | v10.0, v11.0, +2 more | 2022-08-10
CVE-2021-39696 [HIGH]: In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android | Versions: Android-10 Android-11 Android-12 | Android ID: A-185810717
nvd, android
CVE-2022-20356 | HIGH | CVSS 7.8 | v11.0, v12.0, +2 more | 2022-08-10
CVE-2022-20356 [HIGH] CWE-20: In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-11 An
nvd, android
CVE-2022-20347 | HIGH | CVSS 8.8 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20347 [HIGH] CWE-269: In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-10 Android-11 Android-12 Android-
nvd, android
CVE-2022-20344 | HIGH | CVSS 7.0 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20344 [HIGH] CWE-362: In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-10 Android-11 Android-12 Android-12L Androi
nvd, android
CVE-2022-20354 | HIGH | CVSS 7.8 | v11.0, v12.0, +2 more | 2022-08-10
CVE-2022-20354 [HIGH]: In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-11 Android-12 Android-12L | Android ID: A-219546241
nvd, android
CVE-2022-20348 | HIGH | CVSS 7.8 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20348 [HIGH] CWE-862: In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-10 Android-11 Android
nvd, android
CVE-2022-20360 | HIGH | CVSS 7.8 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20360 [HIGH] CWE-862: In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-10 Android-11 Android-12 Android-12L | Android ID: A-228314987
nvd, android
CVE-2022-20345 | HIGH | CVSS 8.8 | v12.0, v12.1, +1 more | 2022-08-10
CVE-2022-20345 [HIGH] CWE-787: In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-12 Android-12L | Android ID: A-230494481
nvd, android
CVE-2022-20349 | HIGH | CVSS 7.8 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20349 [HIGH] CWE-862: In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-10 Android-11 A
nvd, android
CVE-2022-20346 | MEDIUM | CVSS 6.5 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20346 [MEDIUM] CWE-125: In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android | Versions: Android-10 Android-11 Android-12 Android-12L An
nvd, android
CVE-2022-20350 | MEDIUM | CVSS 5.5 | v10.0, v11.0, +3 more | 2022-08-10
CVE-2022-20350 [MEDIUM] CWE-20: In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android
nvd, android
CVE-2022-20357 | MEDIUM | CVSS 5.5 | v12.0, v12.1, +1 more | 2022-08-10
CVE-2022-20357 [MEDIUM] CWE-908: In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android | Versions: Android-12 Android-12L | Android ID: A-214999987
nvd, android