CVSS: 4.4EPSS: 0%CPEs: 38EXPL: 0CVE-2023-20649
https://notcve.org/view.php?id=CVE-2023-20649
07 Mar 2023 — In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607. • https://corp.mediatek.com/product-security-bulletin/March-2023 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20932
https://notcve.org/view.php?id=CVE-2023-20932
28 Feb 2023 — In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 • https://source.android.com/security/bulletin/2023-02-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20948
https://notcve.org/view.php?id=CVE-2023-20948
28 Feb 2023 — In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526 • https://source.android.com/security/bulletin/2023-02-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20939
https://notcve.org/view.php?id=CVE-2023-20939
28 Feb 2023 — In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981 • https://source.android.com/security/bulletin/2023-02-01 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-20933
https://notcve.org/view.php?id=CVE-2023-20933
28 Feb 2023 — In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 • https://github.com/Trinadh465/frameworks_av_CVE-2023-20933 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20934
https://notcve.org/view.php?id=CVE-2023-20934
28 Feb 2023 — In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042 • https://source.android.com/security/bulletin/2023-02-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20940
https://notcve.org/view.php?id=CVE-2023-20940
28 Feb 2023 — In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041 • https://source.android.com/security/bulletin/2023-02-01 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20481
https://notcve.org/view.php?id=CVE-2022-20481
28 Feb 2023 — In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115 • https://source.android.com/security/bulletin/2023-02-01 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-20944
https://notcve.org/view.php?id=CVE-2023-20944
28 Feb 2023 — In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558 • https://github.com/Trinadh465/frameworks_base_CVE-2023-20944 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20551
https://notcve.org/view.php?id=CVE-2022-20551
28 Feb 2023 — In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549 • https://source.android.com/security/bulletin/2023-02-01 •