CVE-2022-20421
https://notcve.org/view.php?id=CVE-2022-20421
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel En la función binder_inc_ref_for_node del archivo binder.c, se presenta una posible forma de corromper la memoria debido a un uso de memoria previamente liberada. Esto podría conllevar a una escalada local de privilegios sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://source.android.com/security/bulletin/2022-10-01 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •
CVE-2022-36868
https://notcve.org/view.php?id=CVE-2022-36868
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. Una restricción inapropiada de la intención de transmisión en MouseNKeyHidDevice versiones anteriores a SMR Oct-2022 Release 1,, filtra la dirección MAC del dispositivo Bluetooth conectado • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-20: Improper Input Validation •
CVE-2022-39848
https://notcve.org/view.php?id=CVE-2022-39848
Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. La exposición de información confidencial en AT_Distributor versiones anteriores a SMR Oct-2022 Release 1, permite a un atacante local acceder a SerialNo por medio del registro • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVE-2022-39853
https://notcve.org/view.php?id=CVE-2022-39853
A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. Una vulnerabilidad de uso de memoria previamente liberada en el controlador perf-mgr versiones anteriores a SMR Oct-2022 Release 1, permite a un atacante causar un fallo de acceso a la memoria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-416: Use After Free •
CVE-2022-32591
https://notcve.org/view.php?id=CVE-2022-32591
In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. En ril, se presenta un posible bloqueo del sistema debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-20: Improper Input Validation •