Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2
Vulnerabilities
Page 217 of 483
CVE-2021-39629 | HIGH | CVSS 7.0 | CWE-362 | v9.0, v10.0, +3 more | 2022-01-14
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-197353344
nvd, android
CVE-2021-39620 | HIGH | CVSS 7.8 | CWE-416 | v11.0, v12.0, +1 more | 2022-01-14
In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-203847542
nvd, android
CVE-2021-39622 | HIGH | CVSS 7.8 | CWE-862 | v10.0, v11.0, +2 more | 2022-01-14
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-192663648
nvd, android
CVE-2021-1037 | MEDIUM | CVSS 5.3 | CWE-862 | v9.0, v10.0, +3 more | 2022-01-14
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-162951906
nvd
CVE-2021-39659 | MEDIUM | CVSS 5.5 | CWE-755 | v10.0, v11.0, +2 more | 2022-01-14
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 A
nvd, android
CVE-2021-39628 | LOW | CVSS 3.3 | CWE-668 | v10.0, v11.0, +1 more | 2022-01-14
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-189575031
nvd, android
CVE-2022-22264 | HIGH | CVSS 7.1 | CWE-20 | v10.0, v11.0, +1 more | 2022-01-10
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
nvd
CVE-2022-22265 | HIGH | CVSS 7.8 | KEV | CWE-703 | v9.0, v10.0, +2 more | 2022-01-10
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2022-22268 | MEDIUM | CVSS 6.1 | CWE-285 | v9.0, v10.0, +2 more | 2022-01-10
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock the Knox Guard via Samsung DeX mode.
nvd
CVE-2022-22263 | MEDIUM | CVSS 5.5 | CWE-269 | v11.0 | 2022-01-10
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
nvd
CVE-2022-22271 | MEDIUM | CVSS 5.5 | CWE-125 | v9.0, v10.0, +1 more | 2022-01-10
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
nvd
CVE-2022-22270 | LOW | CVSS 3.3 | CWE-94 | v9.0, v10.0, +1 more | 2022-01-10
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
nvd
CVE-2022-22272 | LOW | CVSS 3.3 | CWE-285 | v10.0, v11.0, +1 more | 2022-01-10
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
nvd
CVE-2022-22267 | LOW | CVSS 3.3 | CWE-285 | v9.0, v10.0, +2 more | 2022-01-10
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
nvd
CVE-2022-22266 | LOW | CVSS 3.3 | CWE-269 | v9.0, v10.0, +1 more | 2022-01-10
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
nvd
CVE-2022-22269 | LOW | CVSS 3.3 | CWE-285 | v9.0, v10.0, +1 more | 2022-01-10
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
nvd
CVE-2022-20012 | HIGH | CVSS 7.8 | CWE-190 | v10.0, v11.0, +1 more | 2022-01-04
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.
nvd
CVE-2022-20014 | MEDIUM | CVSS 6.7 | CWE-787 | v10.0, v11.0, +1 more | 2022-01-04
In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308.
nvd
CVE-2022-20023 | MEDIUM | CVSS 6.5 | CWE-772 | v10.0, v11.0 | 2022-01-04
In Bluetooth, there is a possible application crash due to Bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.
nvd
CVE-2022-20015 | MEDIUM | CVSS 4.4 | CWE-908 | v10.0, v11.0 | 2022-01-04
In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966.
nvd