Google Android vulnerabilities

CVE-2022-30717 [HIGH] CWE-285 CVE-2022-30717: Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to u Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.

CVE-2022-30726 [HIGH] CWE-20 CVE-2022-30726: Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SM Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

CVE-2022-30729 [MEDIUM] CWE-923 CVE-2022-30729: Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.

CVE-2022-30715 [MEDIUM] CWE-284 CVE-2022-30715: Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.

CVE-2022-30709 [MEDIUM] CWE-20 CVE-2022-30709: Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-30720 [MEDIUM] CWE-20 CVE-2022-30720: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-30724 [MEDIUM] CWE-280 CVE-2022-30724: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30716 [MEDIUM] CWE-280 CVE-2022-30716: Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 a Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

CVE-2022-30725 [MEDIUM] CWE-280 CVE-2022-30725: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30719 [MEDIUM] CWE-20 CVE-2022-30719: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-30723 [MEDIUM] CWE-280 CVE-2022-30723: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30727 [MEDIUM] CWE-280 CVE-2022-30727: Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in Perso Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.

CVE-2022-30721 [MEDIUM] CWE-20 CVE-2022-30721: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-28794 [LOW] CWE-213 CVE-2022-28794: Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows l Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.

CVE-2022-30728 [LOW] CWE-213 CVE-2022-30728: Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attacker Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

CVE-2022-30714 [LOW] CWE-213 CVE-2022-30714: Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local att Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

CVE-2022-21745 [HIGH] CWE-416 CVE-2022-21745: In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872.

CVE-2022-21757 [HIGH] CWE-354 CVE-2022-21757: In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.

CVE-2022-21753 [MEDIUM] CWE-787 CVE-2022-21753: In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could le In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899.

CVE-2022-21755 [MEDIUM] CWE-125 CVE-2022-21755: In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464.