Google Android vulnerabilities

CVE-2022-20145 [CRITICAL] CVE-2022-20145: In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-

CVE-2022-20204 [HIGH] CWE-862 CVE-2022-20204: In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reportin In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid I

CVE-2022-20134 [HIGH] CWE-20 CVE-2022-20134: In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wr In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12

CVE-2022-20138 [HIGH] CWE-862 CVE-2022-20138: In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way fo In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: An

CVE-2022-20142 [HIGH] CVE-2022-20142: In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code ex In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-

CVE-2022-20137 [HIGH] CWE-862 CVE-2022-20137: In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2

CVE-2022-20135 [HIGH] CVE-2022-20135: In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465

CVE-2022-20124 [HIGH] CVE-2022-20124: In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 An

CVE-2022-20126 [HIGH] CWE-862 CVE-2022-20126: In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode wi In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Andr

CVE-2022-20193 [HIGH] CVE-2022-20193: In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116

CVE-2022-20147 [HIGH] CWE-787 CVE-2022-20147: In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missi In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-2212161

CVE-2021-39691 [HIGH] CWE-1021 CVE-2021-39691: In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when process In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241

CVE-2022-20144 [HIGH] CVE-2022-20144: In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-25063

CVE-2022-20197 [HIGH] CVE-2022-20197: In recycle of Parcel.java, there is a possible way to start foreground activity from background due In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300

CVE-2022-20203 [HIGH] CWE-787 CVE-2022-20203: In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20209 [HIGH] CWE-787 CVE-2022-20209: In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-207502397

CVE-2022-20207 [HIGH] CVE-2022-20207: In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an ins In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714

CVE-2022-20133 [HIGH] CWE-862 CVE-2022-20133: In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-2

CVE-2022-20192 [HIGH] CVE-2022-20192: In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-2159

CVE-2022-20194 [HIGH] CVE-2022-20194: In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to loc In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510