CVSS: 6.7EPSS: 0%CPEs: 50EXPL: 0CVE-2022-32607
https://notcve.org/view.php?id=CVE-2022-32607
In aee, there is a possible use after free due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202891; Issue ID: ALPS07202891. En aee, existe un posible use-after-free debido a la falta de verificación de límites. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20453
https://notcve.org/view.php?id=CVE-2022-20453
In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240685104 En la actualización de MmsProvider.java, existe una posible restricción de los permisos del directorio debido a un error de path traversal. Esto podría dar lugar a una denegación local del servicio de reconocimiento de SIM sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. • https://source.android.com/security/bulletin/2022-11-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 35EXPL: 0CVE-2022-32613
https://notcve.org/view.php?id=CVE-2022-32613
In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. En vcu, existe una posible corrupción de la memoria debido a una condición de ejecución. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-32617
https://notcve.org/view.php?id=CVE-2022-32617
In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262364; Issue ID: ALPS07262364. En Typec, existe una posible escritura fuera de límites debido a un cálculo incorrecto del tamaño del búfer. • https://corp.mediatek.com/product-security-bulletin/November-2022 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20450
https://notcve.org/view.php?id=CVE-2022-20450
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-210065877 En restorePermissionState de PermissionManagerServiceImpl.java, existe una forma posible de omitir el consentimiento del usuario debido a que falta una verificación de permiso. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. No se necesita la interacción del usuario para la explotación. • https://source.android.com/security/bulletin/2022-11-01 • CWE-862: Missing Authorization •