Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20528 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711
|
|||||
| CVE-2022-20522 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877
|
|||||
| CVE-2022-20520 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202
|
|||||
| CVE-2022-20519 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678
|
|||||
| CVE-2022-20518 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203
|
|||||
| CVE-2022-20517 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956
|
|||||
| CVE-2022-20516 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.5 HIGH |
|
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331
|
|||||
| CVE-2022-20515 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496
|
|||||
| CVE-2025-20660 | 2 Google, Mediatek | 2 Android, Mt9972 | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.
|
|||||
| CVE-2025-20657 | 2 Google, Mediatek | 14 Android, Mt6765, Mt6768 and 11 more | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.
|
|||||
| CVE-2022-20593 | 1 Google | 1 Android | 2025-04-18 | N/A | 4.4 MEDIUM |
|
In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A
|
|||||
| CVE-2022-20592 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A
|
|||||
| CVE-2022-20591 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A
|
|||||
| CVE-2022-20590 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A
|
|||||
| CVE-2022-20589 | 1 Google | 1 Android | 2025-04-18 | N/A | 4.4 MEDIUM |
|
In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A
|
|||||
| CVE-2022-20588 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A
|
|||||
| CVE-2022-20587 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A
|
|||||
| CVE-2022-20586 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A
|
|||||
| CVE-2022-20585 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A
|
|||||
| CVE-2022-20584 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A
|
|||||
| CVE-2022-20583 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A
|
|||||
| CVE-2022-20582 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A
|
|||||
| CVE-2022-20581 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A
|
|||||
| CVE-2022-20580 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A
|
|||||
| CVE-2022-20579 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A
|
|||||
| CVE-2022-20578 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A
|
|||||
| CVE-2022-20577 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A
|
|||||
| CVE-2022-20576 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A
|
|||||
| CVE-2022-20575 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A
|
|||||
| CVE-2022-20574 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A
|
|||||
| CVE-2022-20572 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel
|
|||||
| CVE-2022-20571 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel
|
|||||
| CVE-2022-42511 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762712References: N/A
|
|||||
| CVE-2022-42510 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762656References: N/A
|
|||||
| CVE-2022-42509 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A
|
|||||
| CVE-2022-42504 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A
|
|||||
| CVE-2022-42503 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231983References: N/A
|
|||||
| CVE-2022-42502 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A
|
|||||
| CVE-2022-42501 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A
|
|||||
| CVE-2022-20610 | 1 Google | 1 Android | 2025-04-18 | N/A | 8.8 HIGH |
|
In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A
|
|||||