Multiple vulnerabilities in Google Android



| Updated: 2023-03-03
Risk High
Patch available YES
Number of vulnerabilities 59
CVE-ID CVE-2022-25746
CVE-2022-22088
CVE-2022-33255
CVE-2021-35097
CVE-2021-35113
CVE-2021-35134
CVE-2022-23960
CVE-2022-25725
CVE-2022-33252
CVE-2022-44437
CVE-2022-33253
CVE-2022-33266
CVE-2022-33274
CVE-2022-33276
CVE-2022-33283
CVE-2022-33284
CVE-2022-33285
CVE-2022-33286
CVE-2022-44438
CVE-2022-44436
CVE-2022-42719
CVE-2022-32637
CVE-2022-42720
CVE-2022-42721
CVE-2022-2959
CVE-2022-41674
CVE-2023-20928
CVE-2022-20235
CVE-2022-32635
CVE-2022-32636
CVE-2022-44425
CVE-2022-44435
CVE-2022-44426
CVE-2022-44427
CVE-2022-44428
CVE-2022-44429
CVE-2022-44430
CVE-2022-44431
CVE-2022-44432
CVE-2022-44434
CVE-2023-20905
CVE-2023-20904
CVE-2023-20915
CVE-2023-20912
CVE-2023-20908
CVE-2023-20920
CVE-2023-20918
CVE-2022-20461
CVE-2022-20492
CVE-2022-20490
CVE-2022-20489
CVE-2023-20922
CVE-2023-20919
CVE-2023-20921
CVE-2022-20493
CVE-2023-20913
CVE-2023-20916
CVE-2022-20494
CVE-2022-20456
CWE-ID CWE-120
CWE-190
CWE-126
CWE-310
CWE-131
CWE-1037
CWE-416
CWE-862
CWE-129
CWE-787
CWE-119
CWE-362
CWE-122
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #58 is available.
Vulnerable software
Google Android
Operating systems & Components / Operating system

Vendor Google

Security Bulletin

This security bulletin contains information about 59 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU71013

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25746

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Kernel. A local privileged application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU71026

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22088

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer over-read

EUVDB-ID: #VU71027

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33255

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cryptographic issues

EUVDB-ID: #VU64031

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35097

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cryptographic issues

EUVDB-ID: #VU64032

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35113

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect Calculation of Buffer Size

EUVDB-ID: #VU64033

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35134

CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of ELF headers in Boot. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65007

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23960

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use After Free

EUVDB-ID: #VU71012

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25725

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in MODEM. A local application can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer over-read

EUVDB-ID: #VU71014

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33252

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Missing Authorization

EUVDB-ID: #VU70760

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44437

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer over-read

EUVDB-ID: #VU71015

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33253

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer overflow

EUVDB-ID: #VU71016

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33266

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Audio. A local application can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper Validation of Array Index

EUVDB-ID: #VU71017

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33274

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Android Core. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU71018

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33276

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Modem. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer over-read

EUVDB-ID: #VU71019

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33283

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer over-read

EUVDB-ID: #VU71020

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33284

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer over-read

EUVDB-ID: #VU71021

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33285

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer over-read

EUVDB-ID: #VU71022

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33286

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Missing Authorization

EUVDB-ID: #VU70759

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44438

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Missing Authorization

EUVDB-ID: #VU70761

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44436

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU68313

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42719

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the mac80211 stack in Linux kernel when parsing a multi-BSSID element. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger a use-after-free error and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds write

EUVDB-ID: #VU70630

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32637

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within hevc decoder component. A local application can trigger out-of-bounds write and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU68314

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42720

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the mac80211 stack in Linux kernel when parsing a multi-BSS element. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger a use-after-free error and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU68316

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42721

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a list management error in the mac80211 stack in the Linux kernel when handling BSS. A remote attacker on the local network can send specially crafted WLAN frames to the system, trigger linked list corruption and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Race condition

EUVDB-ID: #VU66934

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2959

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a missing lock in the pipe_resize_ring() function within the watch queue when performing operations on an object. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU68311

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41674

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing WLAN frames within the ieee80211_bss_info_update() function in net/mac80211/scan.c in Linux kernel. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU71065

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20928

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Binder driver. A local application can trigger a race condition and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU71067

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20235

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in Imagination Technologies PowerVR-GPU component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds write

EUVDB-ID: #VU70617

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32635

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the gps component. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Integer overflow

EUVDB-ID: #VU70622

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32636

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to integer overflow within the keyinstall component. A local application can trigger integer overflow and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Integer Overflow or Wraparound

EUVDB-ID: #VU70757

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44425

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Missing Authorization

EUVDB-ID: #VU70762

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44435

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Integer Overflow or Wraparound

EUVDB-ID: #VU70756

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44426

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Heap-based Buffer Overflow

EUVDB-ID: #VU70755

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44427

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Heap-based Buffer Overflow

EUVDB-ID: #VU70754

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44428

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Heap-based Buffer Overflow

EUVDB-ID: #VU70753

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44429

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Heap-based Buffer Overflow

EUVDB-ID: #VU70752

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44430

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds write

EUVDB-ID: #VU70751

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44431

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Integer Overflow or Wraparound

EUVDB-ID: #VU70750

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44432

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to a possible missing bounds check within the wlan driver in WLAN Firmware. A local application can read, manipulate or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Missing Authorization

EUVDB-ID: #VU70763

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44434

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a missing permission check within the messaging service in Android. A remote attacker can trick the victim to open a specially crafted file and compromise the affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 10 2023-01-05, 11 2023-01-05, 12 2023-01-05, 12L 2023-01-05, 13 2023-01-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer overflow

EUVDB-ID: #VU71063

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20905

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 10

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU71062

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20904

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 12L - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Buffer overflow

EUVDB-ID: #VU71061

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20915

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Buffer overflow

EUVDB-ID: #VU71049

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20912

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework in MediaProvider component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 13 2022-09-01 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU71055

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer overflow

EUVDB-ID: #VU71046

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU71045

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20918

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Buffer overflow

EUVDB-ID: #VU71059

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20461

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer overflow

EUVDB-ID: #VU71043

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20492

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Buffer overflow

EUVDB-ID: #VU71042

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20490

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Buffer overflow

EUVDB-ID: #VU71041

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20489

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Input validation error

EUVDB-ID: #VU71057

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20922

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 11 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Buffer overflow

EUVDB-ID: #VU71051

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20919

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 13 2022-09-01 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer overflow

EUVDB-ID: #VU71047

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20921

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Buffer overflow

EUVDB-ID: #VU71044

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20493

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer overflow

EUVDB-ID: #VU71060

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20913

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android System. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer overflow

EUVDB-ID: #VU71050

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20916

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 12L - 12

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Input validation error

EUVDB-ID: #VU71053

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-20494

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local application can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

59) Buffer overflow

EUVDB-ID: #VU71040

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20456

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within Android Framework. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Google Android: 10 2020-12-05 - 13

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2023-01-01#2023-01-01-security-patch-level-vulnerability-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###