Google Android vulnerabilities

CVE-2022-23425 [CRITICAL] CWE-20 CVE-2022-23425: Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to sen Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.

CVE-2021-39677 [HIGH] CWE-125 CVE-2021-39677: In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘ In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028

CVE-2021-39676 [HIGH] CWE-20 CVE-2021-39676: In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mi In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210

CVE-2021-39663 [HIGH] CWE-610 CVE-2021-39663: In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a pe In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-200682135

CVE-2021-39662 [HIGH] CWE-862 CVE-2021-39662: In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Androi

CVE-2021-39669 [HIGH] CWE-1021 CVE-2021-39669: In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12

CVE-2021-39668 [HIGH] CWE-610 CVE-2021-39668: In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused dep In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID:

CVE-2021-39674 [HIGH] CWE-416 CVE-2021-39674: In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after fre In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201083442

CVE-2022-22292 [HIGH] CWE-280 CVE-2022-22292: Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted application Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.

CVE-2021-39619 [HIGH] CVE-2021-39619: In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security a In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Androi

CVE-2022-23428 [HIGH] CWE-120 CVE-2022-23428: An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitr An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

CVE-2022-23427 [HIGH] CWE-20 CVE-2022-23427: PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 a PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.

CVE-2021-39631 [MEDIUM] CVE-2021-39631: In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functional In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-

CVE-2021-39666 [MEDIUM] CWE-125 CVE-2021-39666: In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input valid In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255

CVE-2021-39671 [MEDIUM] CWE-908 CVE-2021-39671: In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to unini In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206718630

CVE-2022-24925 [MEDIUM] CWE-20 CVE-2022-24925: Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.

CVE-2021-39665 [MEDIUM] CWE-787 CVE-2021-39665: In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204077881

CVE-2021-39664 [MEDIUM] CWE-125 CVE-2021-39664: In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bo In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029

CVE-2022-22291 [MEDIUM] CWE-779 CVE-2022-22291: Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileg Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.

CVE-2022-23429 [MEDIUM] CWE-125 CVE-2022-23429: An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.