Google Android vulnerabilities

CVE-2022-20107 [MEDIUM] CWE-190 CVE-2022-20107: In subtitle service, there is a possible application crash due to an integer overflow. This could le In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673.

CVE-2022-20100 [MEDIUM] CWE-862 CVE-2022-20100: In aee daemon, there is a possible information disclosure due to a missing permission check. This co In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804.

CVE-2022-20095 [MEDIUM] CWE-787 CVE-2022-20095: In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763.

CVE-2022-20090 [MEDIUM] CWE-362 CVE-2022-20090: In aee driver, there is a possible use after free due to a race condition. This could lead to local In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197.

CVE-2022-20102 [MEDIUM] CWE-862 CVE-2022-20102: In aee daemon, there is a possible information disclosure due to a missing permission check. This co In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405.

CVE-2022-20108 [MEDIUM] CWE-787 CVE-2022-20108: In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702.

CVE-2022-20098 [MEDIUM] CWE-862 CVE-2022-20098: In aee daemon, there is a possible information disclosure due to a missing permission check. This co In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017.

CVE-2022-20094 [MEDIUM] CWE-787 CVE-2022-20094: In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could l In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734.

CVE-2022-28787 [MEDIUM] CWE-125 CVE-2022-28787: Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

CVE-2022-20106 [MEDIUM] CWE-787 CVE-2022-20106: In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This cou In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.

CVE-2022-20096 [MEDIUM] CWE-908 CVE-2022-20096: In camera, there is a possible information disclosure due to uninitialized data. This could lead to In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003.

CVE-2022-28785 [MEDIUM] CWE-125 CVE-2022-28785: Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

CVE-2022-28788 [MEDIUM] CWE-125 CVE-2022-28788: Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

CVE-2022-20087 [MEDIUM] CWE-787 CVE-2022-20087: In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970.

CVE-2022-20089 [MEDIUM] CVE-2022-20089: In aee driver, there is a possible memory corruption due to active debug code. This could lead to lo In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397.

CVE-2022-20105 [MEDIUM] CWE-787 CVE-2022-20105: In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This co In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.

CVE-2022-28786 [MEDIUM] CWE-125 CVE-2022-28786: Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

CVE-2022-20104 [MEDIUM] CVE-2022-20104: In aee daemon, there is a possible information disclosure due to improper access control. This could In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104.

CVE-2022-20103 [MEDIUM] CWE-59 CVE-2022-20103: In aee daemon, there is a possible information disclosure due to symbolic link following. This could In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684.

CVE-2022-20091 [MEDIUM] CWE-362 CVE-2022-20091: In aee driver, there is a possible use after free due to a race condition. This could lead to local In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345.