CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20456
https://notcve.org/view.php?id=CVE-2022-20456
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780 • https://source.android.com/security/bulletin/2023-01-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20490
https://notcve.org/view.php?id=CVE-2022-20490
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703505 • https://source.android.com/security/bulletin/2023-01-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20915
https://notcve.org/view.php?id=CVE-2023-20915
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197 En addOrReplacePhoneAccount de PhoneAccountRegistrar.java, existe una forma posible de habilitar una cuenta de teléfono sin interacción del usuario debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. No se necesita la interacción del usuario para la explotación. • https://source.android.com/security/bulletin/2023-01-01 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-38684
https://notcve.org/view.php?id=CVE-2022-38684
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. En el servicio de contactos, falta una verificación de permiso. Esto podría provocar una denegación de servicio local en el servicio de contactos sin necesidad de privilegios de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39118
https://notcve.org/view.php?id=CVE-2022-39118
In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. En el controlador sprd_sysdump, existe una posible escritura fuera de los límites debido a una comprobación de los límites faltante. Esto podría provocar una denegación de servicio local en el kernel. • https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •