CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20417
https://notcve.org/view.php?id=CVE-2022-20417
11 Oct 2022 — In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237288416 En la función audioTransportsToHal del archivo HidlUtils.cpp, se presenta una posible escritura fuera de límites debido a una comprobación de límites incorrecta. Esto p... • https://source.android.com/security/bulletin/2022-10-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20425
https://notcve.org/view.php?id=CVE-2022-20425
11 Oct 2022 — In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235823407 En la función addAutomaticZenRule del archivo ZenModeHelper.java, se presenta una posible degradación permanente del rendimiento debido a un agota... • https://source.android.com/security/bulletin/2022-10-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20410
https://notcve.org/view.php?id=CVE-2022-20410
11 Oct 2022 — In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-205570663 En la función avrc_ctrl_pars_vendor_rsp del archivo avrc_pars_ct.cc, se presenta una posible lectura fuera de límites debido a un desbordamiento d... • https://source.android.com/security/bulletin/2022-10-01 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20415
https://notcve.org/view.php?id=CVE-2022-20415
11 Oct 2022 — In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-231322873 En la función handleFullScreenIntent del archivo StatusBarNotificationAct... • https://source.android.com/security/bulletin/2022-10-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20351
https://notcve.org/view.php?id=CVE-2022-20351
11 Oct 2022 — In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224771921 En la función queryInternal del archivo CallLogProvider.java, se presenta un posible acceso a la información del buzón de voz debido a una inyección SQL. Esto... • https://source.android.com/security/bulletin/2022-10-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-20413
https://notcve.org/view.php?id=CVE-2022-20413
11 Oct 2022 — In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235850634 En el inicio del archivo Threads.cpp, se presenta una posible forma de grabar el audio durante una llamada telefónica debido a un error lógico en el códi... • https://github.com/pazhanivel07/frameworks_av-r33_CVE-2022-20413 •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20412
https://notcve.org/view.php?id=CVE-2022-20412
11 Oct 2022 — In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230794395 En la función fdt_next_tag del archivo fdt.c, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a un... • https://source.android.com/security/bulletin/2022-10-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20420
https://notcve.org/view.php?id=CVE-2022-20420
11 Oct 2022 — In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238377411 En la función getBackgroundRestrictionExemptionReason del archivo AppRestrictionController.java, se presenta una posible forma de salta... • https://source.android.com/security/bulletin/2022-10-01 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20418
https://notcve.org/view.php?id=CVE-2022-20418
11 Oct 2022 — In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-231986464 En la función pickStartSeq del archivo AAVCAssembler.cpp, se presenta una posible lectura fuera de límites debido a una comprobación de límites que falta. Esto podría conllevar... • https://source.android.com/security/bulletin/2022-10-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39853
https://notcve.org/view.php?id=CVE-2022-39853
07 Oct 2022 — A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. Una vulnerabilidad de uso de memoria previamente liberada en el controlador perf-mgr versiones anteriores a SMR Oct-2022 Release 1, permite a un atacante causar un fallo de acceso a la memoria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-416: Use After Free •