Total
6576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20421 | 2 Debian, Google | 2 Debian Linux, Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel
|
|||||
| CVE-2022-20409 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel
|
|||||
| CVE-2022-20379 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209436980References: N/A
|
|||||
| CVE-2022-20325 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-186473060
|
|||||
| CVE-2022-20306 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
|
In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794
|
|||||
| CVE-2022-20228 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213850092
|
|||||
| CVE-2022-20185 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A
|
|||||
| CVE-2022-20141 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel
|
|||||
| CVE-2022-20122 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232441339
|
|||||
| CVE-2022-20118 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A
|
|||||
| CVE-2022-20091 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345.
|
|||||
| CVE-2022-20090 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197.
|
|||||
| CVE-2022-20062 | 2 Google, Mediatek | 37 Android, Mt6765, Mt6785 and 34 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418.
|
|||||
| CVE-2022-20052 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6735 and 43 more | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
|
In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642.
|
|||||
| CVE-2022-20045 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID: ALPS06126820.
|
|||||
| CVE-2022-20044 | 2 Google, Mediatek | 7 Android, Mt8167, Mt8175 and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID: ALPS06126814.
|
|||||
| CVE-2022-20035 | 2 Google, Mediatek | 32 Android, Mt6768, Mt6769 and 29 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675.
|
|||||
| CVE-2022-20031 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6582 90 and 52 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05850708; Issue ID: ALPS05850708.
|
|||||
| CVE-2022-1998 | 4 Fedoraproject, Linux, Netapp and 1 more | 13 Fedora, Linux Kernel, H300s and 10 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
|
|||||
| CVE-2022-1976 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
|
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.
|
|||||
| CVE-2022-1974 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.1 MEDIUM |
|
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
|
|||||
| CVE-2022-1973 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2024-11-21 | N/A | 7.1 HIGH |
|
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
|
|||||
| CVE-2022-1968 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use After Free in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-1934 | 1 Mruby | 1 Mruby | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Use After Free in GitHub repository mruby/mruby prior to 3.2.
|
|||||
| CVE-2022-1919 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2022-1898 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use After Free in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-1882 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.
|
|||||
| CVE-2022-1870 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
|
|||||
| CVE-2022-1866 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.
|
|||||
| CVE-2022-1865 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
|
|||||
| CVE-2022-1864 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
|
|||||
| CVE-2022-1863 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
|
|||||
| CVE-2022-1861 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.
|
|||||
| CVE-2022-1860 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.
|
|||||
| CVE-2022-1859 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2022-1856 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.
|
|||||
| CVE-2022-1855 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2022-1854 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2022-1853 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2022-1796 | 1 Vim | 1 Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
|
|||||