Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 78 |
CVE-ID | CVE-2022-20190 CVE-2022-20183 CVE-2022-20178 CVE-2022-20155 CVE-2022-20152 CVE-2021-39653 CVE-2022-20181 CVE-2022-20168 CVE-2022-20177 CVE-2022-20146 CVE-2022-20165 CVE-2022-20162 CVE-2022-20159 CVE-2022-20186 CVE-2022-20167 CVE-2022-20164 CVE-2022-20156 CVE-2022-20185 CVE-2022-20149 CVE-2022-20233 CVE-2022-20188 CVE-2020-27068 CVE-2022-0185 CVE-2021-33034 CVE-2021-35121 CVE-2021-35120 CVE-2021-35119 CVE-2021-35118 CVE-2022-20184 CVE-2022-20151 CVE-2022-20182 CVE-2022-20179 CVE-2022-20176 CVE-2022-20175 CVE-2022-20174 CVE-2022-20172 CVE-2022-20169 CVE-2022-20173 CVE-2022-20191 CVE-2021-39806 CVE-2022-20209 CVE-2022-20206 CVE-2022-20205 CVE-2022-20200 CVE-2022-20198 CVE-2022-20207 CVE-2022-20194 CVE-2022-20139 CVE-2022-20202 CVE-2022-20195 CVE-2022-20196 CVE-2021-0983 CVE-2022-20204 CVE-2022-20201 CVE-2022-20197 CVE-2022-20193 CVE-2022-20192 CVE-2022-20208 CVE-2018-25020 CVE-2022-20171 CVE-2022-20154 CVE-2022-20170 CVE-2022-20160 CVE-2022-26966 CVE-2021-3753 CVE-2021-3743 CVE-2022-23222 CVE-2022-20166 CVE-2022-20153 CVE-2021-3635 CVE-2022-20148 CVE-2022-0492 CVE-2021-44733 CVE-2021-34556 CVE-2021-31440 CVE-2021-20321 CVE-2021-20268 CVE-2021-3715 |
CWE-ID | CWE-200 CWE-264 CWE-269 CWE-20 CWE-125 CWE-190 CWE-416 CWE-129 CWE-415 CWE-823 CWE-119 CWE-682 CWE-362 |
Exploitation vector | Local network |
Public exploit |
Public exploit code for vulnerability #14 is available. Vulnerability #23 is being exploited in the wild. Public exploit code for vulnerability #67 is available. Public exploit code for vulnerability #72 is available. Public exploit code for vulnerability #73 is available. |
Vulnerable software |
Pixel Mobile applications / Mobile firmware & hardware |
Vendor |
Security Bulletin
This security bulletin contains information about 78 vulnerabilities.
EUVDB-ID: #VU64237
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20190
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64244
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20183
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the kernel. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64243
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20178
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Camera. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64242
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20155
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Kernel. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64241
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20152
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the TitanM. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64240
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-39653
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing warning to the user. A local user can trigger the vulnerability to escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64239
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20181
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Modem. A malicious application can trick the victim to perform certain actions and crash the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64238
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20168
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Modem. A malicious application can trick the victim to perform certain actions and crash the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20177
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20146
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Telephony. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64235
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20165
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Titan-M. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64226
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20162
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Titan-M. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20159
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Titan-M. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64223
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-20186
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Display/graphics. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU64222
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20167
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Modem. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64221
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20164
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Modem. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64220
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20156
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Display/graphics. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64245
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20185
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Kernel. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64247
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20149
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64217
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20233
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Titan-M. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20188
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-27068
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Kernel. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59695
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-0185
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in the legacy_parse_param() function in fs/fs_context.c in Linux kernel. A local user can tun a specially crafted program to trigger integer overflow and execute arbitrary code with root privileges.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU54454
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-33034
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in net/bluetooth/hci_event.c when destroying an hci_chan. A local user can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64029
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-35121
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a improper validation of array index in MM Framework. A local administrator can trigger use-after-free condition in the Synx driver and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64028
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-35120
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in MM Frameworks. A local administrator can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-35119
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in FIPS event processing. A local user can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64025
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-35118
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the camera driver. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20184
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64248
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20151
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64255
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20182
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Bootloader. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64254
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20179
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64253
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20176
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64252
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20175
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64251
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20174
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Bootloader. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64249
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20172
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Telephony. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64250
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20169
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Modem. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64218
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20173
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64215
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20191
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64161
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-39806
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Framework. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64173
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20209
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Media Framework. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64181
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20206
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the System. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64180
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20205
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the System. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64179
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20200
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the System. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64178
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20198
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the System. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64176
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20207
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the System. A local application can bypass security restrictions and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64175
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20194
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the System. A local application can bypass security restrictions and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64174
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20139
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the System. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64172
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20202
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Media Framework. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64183
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20195
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the System. A malicious application can trick the victim to perform certain actions and crash the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64170
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20196
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Framework. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64169
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-0983
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Framework. A local application can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64167
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20204
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Framework. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64165
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20201
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Framework. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64164
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20197
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Framework. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64163
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20193
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Framework. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64162
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20192
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Framework. A local application can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64182
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20208
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the System. A local application can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61205
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-25020
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the BPF subsystem in the Linux kernel in ernel/bpf/core.c and net/core/filter.c. The kernel mishandles situations with a long jump over an instruction sequence
where inner instructions require substantial expansions into multiple
BPF instructions. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64214
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20171
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64207
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20154
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Linux Kernel. A local user can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64213
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20170
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64212
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker on the local network to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63318
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-26966
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in drivers/net/usb/sr9700.c in the Linux kernel. A remote attacker can pass specially crafted data and obtain sensitive information from heap memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64210
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3753
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63913
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59896
Risk: Low
CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-23222
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c in the Linux kernel. A local user can run a specially crafted program to execute arbitrary code with root privileges.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU64208
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20166
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Linux Kernel. A local user can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64206
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20153
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Linux Kernel. A local user can bypass security restrictions and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64185
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3635
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary error in the Linux kernel netfilter implementation. A local user with root (CAP_SYS_ADMIN) access can panic the system when issuing netfilter netflow commands.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64204
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20148
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Linux Kernel. A local user can bypass security restrictions and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61245
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-0492
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU59100
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-44733
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU64203
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-34556
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64201
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-31440
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to out-of-bounds access flaw in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking unsigned 32-bit instructions in an eBPF program occurs. A local user can use this flaw to crash the system or possibly escalate their privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-20321
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attacks.
The vulnerability exists due to a race condition when accessing file object in the Linux kernel OverlayFS subsystem. A local user can rename files in specific way with OverlayFS and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64199
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-20268
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. A local user can crash the system or escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56393
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3715
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem (route4_change() function in net/sched/cls_route.c) in the way it handled changing of classification filters. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPixel: before 12L 2022-06-05
CPE2.3 External linkshttp://source.android.com/security/bulletin/pixel/2022-06-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.