Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2

Vulnerabilities

Page 202 of 483
CVE-2022-20008 | HIGH | CVSS 4.6 | 2022-05-01
[MEDIUM] SD MMC. Android Security Bulletin 2022-05-01. CVE: CVE-2022-20008; Severity: HIGH; Type: ID; Component: SD MMC; References: A-216481035, Upstream kernel [2] [3]
android
CVE-2021-22600 | MEDIUM | CVSS 6.6 | KEV | 2022-05-01
[MEDIUM] Kernel. Android Security Bulletin 2022-05-01. CVE: CVE-2021-22600; Severity: MEDIUM; Type: EoP; Component: Kernel; References: A-213464034, Upstream kernel
android
CVE-2021-39808 | HIGH | CVSS 7.8 | v10.0, v11.0 +2 more | 2022-04-12
[HIGH] CWE-862: In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: An
nvd, android
CVE-2021-39807 | HIGH | CVSS 7.8 | v10.0, v11.0 +3 more | 2022-04-12
[HIGH] CWE-269: In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 A
nvd, android
CVE-2021-39798 | HIGH | CVSS 7.8 | v12.0, v12.1 +1 more | 2022-04-12
[HIGH] CWE-119: In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-213169612
nvd, android
CVE-2021-39796 | HIGH | CVSS 7.3 | v10.0, v11.0 +3 more | 2022-04-12
[HIGH] CWE-1021: In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-1
nvd, android
CVE-2021-39794 | HIGH | CVSS 7.8 | v11.0, v12.0 +2 more | 2022-04-12
[HIGH] CWE-276: In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 A
nvd, android
CVE-2021-0694 | HIGH | CVSS 7.8 | v11.0, vAndroid-11 | 2022-04-12
[HIGH] CWE-863: In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versi
nvd, android
CVE-2021-39797 | HIGH | CVSS 7.8 | v12.0, v12.1 +1 more | 2022-04-12
[HIGH] CWE-269: In several functions of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-209607104
nvd, android
CVE-2021-39809 | HIGH | CVSS 7.5 | v10.0, v11.0 +3 more | 2022-04-12
[HIGH] CWE-125: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-20583
nvd, android
CVE-2021-39799 | HIGH | CVSS 7.8 | v12.0, v12.1 +1 more | 2022-04-12
[HIGH] CWE-863: In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-200288596
nvd, android
CVE-2021-39805 | MEDIUM | CVSS 6.5 | v12.0, v12.1 +1 more | 2022-04-12
[MEDIUM] CWE-125: In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-212694559
nvd, android
CVE-2021-39803 | MEDIUM | CVSS 6.5 | v10.0, v11.0 +3 more | 2022-04-12
[MEDIUM] CWE-416: In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-193790350
nvd, android
CVE-2021-39804 | MEDIUM | CVSS 6.5 | v11.0, v12.0 +2 more | 2022-04-12
[MEDIUM] CWE-476: In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L; Android ID: A-215002587
nvd, android
CVE-2022-27568 | CRITICAL | CVSS 9.8 | v10.0, v11.0 +1 more | 2022-04-11
[CRITICAL] CWE-122: Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
nvd
CVE-2022-26093 | CRITICAL | CVSS 9.8 | v10.0, v11.0 +1 more | 2022-04-11
[CRITICAL] CWE-476: Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
nvd
CVE-2022-26096 | CRITICAL | CVSS 9.8 | v10.0, v11.0 +1 more | 2022-04-11
[CRITICAL] CWE-476: Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
nvd
CVE-2022-26098 | CRITICAL | CVSS 9.8 | v10.0, v11.0 +1 more | 2022-04-11
[CRITICAL] CWE-122: Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
nvd
CVE-2022-27569 | CRITICAL | CVSS 9.8 | v10.0, v11.0 +1 more | 2022-04-11
[CRITICAL] CWE-122: Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
nvd
CVE-2022-27567 | CRITICAL | CVSS 9.8 | v10.0, v11.0 +1 more | 2022-04-11
[CRITICAL] CWE-476: Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
nvd