Google Android vulnerabilities

CVE-2022-22059 [HIGH] CVE-2022-22059: Closed-source component Android Security Bulletin 2022-08-01 CVE: CVE-2022-22059 Severity: HIGH Component: Closed-source component References: A-231156126*

CVE-2022-22067 [HIGH] CVE-2022-22067: Closed-source component Android Security Bulletin 2022-08-01 CVE: CVE-2022-22067 Severity: HIGH Component: Closed-source component References: A-218338889*

CVE-2022-26435 [MEDIUM] CWE-787 CVE-2022-26435: In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435.

CVE-2022-26434 [MEDIUM] CWE-787 CVE-2022-26434: In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead t In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450.

CVE-2022-21790 [MEDIUM] CWE-125 CVE-2022-21790: In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306.

CVE-2022-21789 [MEDIUM] CWE-362 CVE-2022-21789: In audio ipi, there is a possible memory corruption due to a race condition. This could lead to loca In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101.

CVE-2022-26431 [MEDIUM] CWE-787 CVE-2022-26431: In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead t In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553.

CVE-2022-26436 [MEDIUM] CWE-125 CVE-2022-26436: In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666.

CVE-2022-26430 [MEDIUM] CWE-787 CVE-2022-26430: In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521.

CVE-2022-21791 [MEDIUM] CWE-125 CVE-2022-21791: In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059.

CVE-2022-21788 [MEDIUM] CVE-2022-21788: In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to l In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728.

CVE-2022-26432 [MEDIUM] CWE-787 CVE-2022-26432: In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead t In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542.

CVE-2022-26426 [MEDIUM] CWE-787 CVE-2022-26426: In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lea In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486.

CVE-2022-26428 [MEDIUM] CWE-362 CVE-2022-26428: In video codec, there is a possible memory corruption due to a race condition. This could lead to lo In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260.

CVE-2022-21792 [MEDIUM] CWE-787 CVE-2022-21792: In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lea In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410.

CVE-2022-26427 [MEDIUM] CWE-787 CVE-2022-26427: In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lea In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540.

CVE-2022-26433 [MEDIUM] CWE-843 CVE-2022-26433: In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400.

CVE-2022-20222 [CRITICAL] CWE-787 CVE-2022-20222: In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds ch In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096

CVE-2022-20229 [CRITICAL] CWE-787 CVE-2022-20229: In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds wri In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid

CVE-2022-20224 [HIGH] CWE-125 CVE-2022-20224: In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect b In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAn