CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20414
https://notcve.org/view.php?id=CVE-2022-20414
In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234441463 En setImpl de AlarmManagerService.java, existe una manera posible de poner un dispositivo en un bucle de arranque debido a una excepción no detectada. Esto podría provocar una Denegación de Servicio (DoS) local sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. • https://source.android.com/security/bulletin/2022-11-01 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0CVE-2022-21778
https://notcve.org/view.php?id=CVE-2022-21778
In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue ID: ALPS06382421. En vpu, existe una posible divulgación de información debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2022-32612
https://notcve.org/view.php?id=CVE-2022-32612
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. En vcu, existe un posible use-after-free debido a una condición de ejecución. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20448
https://notcve.org/view.php?id=CVE-2022-20448
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-237540408 En buzzBeepBlinkLocked de NotificationManagerService.java, existe una forma posible de compartir datos entre usuarios debido a una omisión de permisos. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. • https://source.android.com/security/bulletin/2022-11-01 •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-32618
https://notcve.org/view.php?id=CVE-2022-32618
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262454; Issue ID: ALPS07262454. En Typec, existe una posible escritura fuera de límites debido a un cálculo incorrecto del tamaño del búfer. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-131: Incorrect Calculation of Buffer Size •