SB2023011110 - Multiple vulnerabilities in Google Android
Published: January 11, 2023 Updated: March 3, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 59 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-25746)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Kernel. A local privileged application can execute arbitrary code.
2) Integer overflow (CVE-ID: CVE-2022-22088)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can execute arbitrary code.
3) Buffer over-read (CVE-ID: CVE-2022-33255)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can read and manipulate data.
4) Cryptographic issues (CVE-ID: CVE-2021-35097)
CWE-ID: CWE-310 - Cryptographic Issues
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.
5) Cryptographic issues (CVE-ID: CVE-2021-35113)
CWE-ID: CWE-310 - Cryptographic Issues
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.
6) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2021-35134)
CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of ELF headers in Boot. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)
CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
8) Use After Free (CVE-ID: CVE-2022-25725)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in MODEM. A local application can perform a denial of service (DoS) attack.
9) Buffer over-read (CVE-ID: CVE-2022-33252)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
10) Missing Authorization (CVE-ID: CVE-2022-44437)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.
11) Buffer over-read (CVE-ID: CVE-2022-33253)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
12) Integer overflow (CVE-ID: CVE-2022-33266)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Audio. A local application can read and manipulate data.
13) Improper Validation of Array Index (CVE-ID: CVE-2022-33274)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Android Core. A local application can execute arbitrary code.
14) Buffer overflow (CVE-ID: CVE-2022-33276)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Modem. A local application can execute arbitrary code.
15) Buffer over-read (CVE-ID: CVE-2022-33283)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
16) Buffer over-read (CVE-ID: CVE-2022-33284)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
17) Buffer over-read (CVE-ID: CVE-2022-33285)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
18) Buffer over-read (CVE-ID: CVE-2022-33286)
CWE-ID: CWE-126 - Buffer over-read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
19) Missing Authorization (CVE-ID: CVE-2022-44438)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.
20) Missing Authorization (CVE-ID: CVE-2022-44436)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.
21) Use-after-free (CVE-ID: CVE-2022-42719)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mac80211 stack in Linux kernel when parsing a multi-BSSID element. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger a use-after-free error and execute arbitrary code.
22) Out-of-bounds write (CVE-ID: CVE-2022-32637)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within hevc decoder component. A local application can trigger out-of-bounds write and escalate privileges on the system.
23) Use-after-free (CVE-ID: CVE-2022-42720)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mac80211 stack in Linux kernel when parsing a multi-BSS element. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger a use-after-free error and execute arbitrary code.24) Buffer overflow (CVE-ID: CVE-2022-42721)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a list management error in the mac80211 stack in the Linux kernel when handling BSS. A remote attacker on the local network can send specially crafted WLAN frames to the system, trigger linked list corruption and execute arbitrary code.
25) Race condition (CVE-ID: CVE-2022-2959)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing lock in the pipe_resize_ring() function within the watch queue when performing operations on an object. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
26) Buffer overflow (CVE-ID: CVE-2022-41674)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WLAN frames within the ieee80211_bss_info_update() function in net/mac80211/scan.c in Linux kernel. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Use-after-free (CVE-ID: CVE-2023-20928)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Binder driver. A local application can trigger a race condition and execute arbitrary code with elevated privileges.
28) Buffer overflow (CVE-ID: CVE-2022-20235)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Imagination Technologies PowerVR-GPU component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
29) Out-of-bounds write (CVE-ID: CVE-2022-32635)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gps component. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
30) Integer overflow (CVE-ID: CVE-2022-32636)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to integer overflow within the keyinstall component. A local application can trigger integer overflow and escalate privileges on the system.
31) Integer Overflow or Wraparound (CVE-ID: CVE-2022-44425)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
32) Missing Authorization (CVE-ID: CVE-2022-44435)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.
33) Integer Overflow or Wraparound (CVE-ID: CVE-2022-44426)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
34) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44427)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
35) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44428)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
36) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44429)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
37) Heap-based Buffer Overflow (CVE-ID: CVE-2022-44430)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
38) Out-of-bounds write (CVE-ID: CVE-2022-44431)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
39) Integer Overflow or Wraparound (CVE-ID: CVE-2022-44432)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to read, manipulate or delete data.
The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.
40) Missing Authorization (CVE-ID: CVE-2022-44434)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.
41) Buffer overflow (CVE-ID: CVE-2023-20905)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
42) Buffer overflow (CVE-ID: CVE-2023-20904)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
43) Buffer overflow (CVE-ID: CVE-2023-20915)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
44) Buffer overflow (CVE-ID: CVE-2023-20912)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework in MediaProvider component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
45) Input validation error (CVE-ID: CVE-2023-20908)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.
46) Buffer overflow (CVE-ID: CVE-2023-20920)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
47) Buffer overflow (CVE-ID: CVE-2023-20918)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
48) Buffer overflow (CVE-ID: CVE-2022-20461)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
49) Buffer overflow (CVE-ID: CVE-2022-20492)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
50) Buffer overflow (CVE-ID: CVE-2022-20490)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
51) Buffer overflow (CVE-ID: CVE-2022-20489)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
52) Input validation error (CVE-ID: CVE-2023-20922)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.
53) Buffer overflow (CVE-ID: CVE-2023-20919)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
54) Buffer overflow (CVE-ID: CVE-2023-20921)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
55) Buffer overflow (CVE-ID: CVE-2022-20493)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
56) Buffer overflow (CVE-ID: CVE-2023-20913)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
57) Buffer overflow (CVE-ID: CVE-2023-20916)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
58) Input validation error (CVE-ID: CVE-2022-20494)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.
59) Buffer overflow (CVE-ID: CVE-2022-20456)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.