CVSS: 6.7EPSS: 0%CPEs: 27EXPL: 0CVE-2022-32625
https://notcve.org/view.php?id=CVE-2022-32625
In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216. En display, hay una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 35EXPL: 0CVE-2022-32598
https://notcve.org/view.php?id=CVE-2022-32598
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228. En Widevine, existe una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 55EXPL: 0CVE-2022-32619
https://notcve.org/view.php?id=CVE-2022-32619
In keyinstall, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07439659; Issue ID: ALPS07439659. En keyinstall, existe una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2022 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39879
https://notcve.org/view.php?id=CVE-2022-39879
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. Vulnerabilidad de autorización incorrecta en CallBGProvider antes de SMR Nov-2022 Release 1 permite a un atacante local otorgar permiso para acceder a información con el uid del teléfono. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11 • CWE-285: Improper Authorization •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39886
https://notcve.org/view.php?id=CVE-2022-39886
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. Una vulnerabilidad de control de acceso inadecuado en IpcRxServiceModeBigDataInfo en RIL anterior a SMR Nov-2022 Release 1 permite a un atacante local acceder a la información del dispositivo. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •