Google Android vulnerabilities

CVE-2022-21782 [MEDIUM] CWE-787 CVE-2022-21782: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could le In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508.

CVE-2022-21780 [MEDIUM] CWE-787 CVE-2022-21780: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could le In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526.

CVE-2022-21765 [MEDIUM] CWE-787 CVE-2022-21765: In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to l In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673.

CVE-2022-21779 [MEDIUM] CWE-787 CVE-2022-21779: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could le In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393.

CVE-2022-21771 [MEDIUM] CWE-362 CVE-2022-21771: In GED driver, there is a possible use after free due to a race condition. This could lead to local In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641585; Issue ID: ALPS06641585.

CVE-2022-22096 [CRITICAL] CVE-2022-22096: Bluetooth Android Security Bulletin 2022-07-01 CVE: CVE-2022-22096 Severity: CRITICAL Component: Bluetooth References: A-213371834 QC-CR#3105585

CVE-2022-25658 [HIGH] CVE-2022-25658: Closed-source component Android Security Bulletin 2022-07-01 CVE: CVE-2022-25658 Severity: HIGH Component: Closed-source component References: A-228101855*

CVE-2022-22058 [HIGH] CVE-2022-22058: Kernel Android Security Bulletin 2022-07-01 CVE: CVE-2022-22058 Severity: HIGH Component: Kernel References: A-209075540 QC-CR#2747422 QC-CR#2338216

CVE-2022-25657 [HIGH] CVE-2022-25657: Closed-source component Android Security Bulletin 2022-07-01 CVE: CVE-2022-25657 Severity: HIGH Component: Closed-source component References: A-228101835*

CVE-2022-25659 [HIGH] CVE-2022-25659: Closed-source component Android Security Bulletin 2022-07-01 CVE: CVE-2022-25659 Severity: HIGH Component: Closed-source component References: A-228101819*

CVE-2022-20083 [CRITICAL] CVE-2022-20083: Modem 2G/3G CC Android Security Bulletin 2022-07-01 CVE: CVE-2022-20083 Severity: HIGH Component: Modem 2G/3G CC References: A-231275475 M-MOLY00803883*

CVE-2022-20236 [HIGH] CVE-2022-20236: gpu Android Security Bulletin 2022-07-01 CVE: CVE-2022-20236 Severity: HIGH Component: gpu References: A-233124709 U-1883940*

CVE-2022-20238 [CRITICAL] CVE-2022-20238: kernel Android Security Bulletin 2022-07-01 CVE: CVE-2022-20238 Severity: HIGH Component: kernel References: A-233154555 U-1883892*

CVE-2022-21744 [CRITICAL] CVE-2022-21744: Modem 2G RR Android Security Bulletin 2022-07-01 CVE: CVE-2022-21744 Severity: HIGH Component: Modem 2G RR References: A-231281131 M-MOLY00810064*

CVE-2022-20216 [CRITICAL] CVE-2022-20216: Telephony Android Security Bulletin 2022-07-01 CVE: CVE-2022-20216 Severity: HIGH Component: Telephony References: A-231911916 U-1867981*

CVE-2022-20227 [MEDIUM] CVE-2022-20227: Kernel Android Security Bulletin 2022-07-01 CVE: CVE-2022-20227 Severity: HIGH Type: ID Component: Kernel References: A-216825460 Upstream kernel [2]

CVE-2022-20217 [MEDIUM] CVE-2022-20217: Telephony Android Security Bulletin 2022-07-01 CVE: CVE-2022-20217 Severity: HIGH Component: Telephony References: A-232441378 U-1882905*

CVE-2022-20130 [CRITICAL] CWE-754 CVE-2022-20130: In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a h In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-2243149

CVE-2022-20127 [CRITICAL] CWE-415 CVE-2022-20127: In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. Thi In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119

CVE-2022-20140 [CRITICAL] CWE-787 CVE-2022-20140: In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988