Multiple vulnerabilities in Google Android

1) Buffer over-read

EUVDB-ID: #VU74331

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40503

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Bluetooth Host.. A remote attacker can read and manipulate data.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double Free

EUVDB-ID: #VU74305

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33231

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU74307

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33288

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Validation of Array Index

EUVDB-ID: #VU74308

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33289

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

The vulnerability allows a local attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Modem. A local attacker can execute arbitrary code.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Validation of Array Index

EUVDB-ID: #VU74309

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33302

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

The vulnerability allows a local attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in User Identity Module. A local attacker can execute arbitrary code.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU74320

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33269

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU74321

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33270

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU74327

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40532

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer underflow

EUVDB-ID: #VU74332

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21630

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Multimedia Framework. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU71481

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4696

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in io_uring and the IORING_OP_SPLICE operation. A local user can trigger a use-after-free error and escalate privileges on the system.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU74396

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0874

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU74380

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code with elevated privileges.

The vulnerability exists due to a boundary error in drivers/usb/gadget/function/f_accessory.c. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU74382

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33917

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code with escalated privileges.

The vulnerability exists due to a use-after-free error when processing GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU74383

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36449

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU74191

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-38181

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, this vulnerability is known to be exploited in targeted attacks spotted in November 2022.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

16) Use-after-free

EUVDB-ID: #VU74385

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41757

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU74386

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42716

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU74394

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0872

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU74395

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0873

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU74397

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU74406

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0885

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU74398

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0876

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU74399

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0878

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU74400

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0879

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU74401

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU74402

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0881

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU74403

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0882

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU74404

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Input validation error

EUVDB-ID: #VU74405

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0884

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 11 - 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU69044

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20463

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Wi-Fi component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Install updates from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU74377

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Information exposure

EUVDB-ID: #VU74372

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20909

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Information exposure

EUVDB-ID: #VU74376

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21083

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Information exposure

EUVDB-ID: #VU74375

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21082

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Information exposure

EUVDB-ID: #VU74374

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21080

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Information exposure

EUVDB-ID: #VU74373

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20935

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU74370

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21099

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU74366

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU74363

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20950

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 12L 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU74362

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21090

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU74360

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU74359

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU74358

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21094

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU74357

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21092

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU74356

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21089

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU74355

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21088

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper input validation

EUVDB-ID: #VU74354

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21081

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU74364

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21085

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU74361

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21087

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU74371

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21100

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU74368

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21086

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper input validation

EUVDB-ID: #VU74369

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21093

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the MediaProvider component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper input validation

EUVDB-ID: #VU74367

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21084

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper input validation

EUVDB-ID: #VU74365

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Install security update from vendor's website.

Google Android: before 13 2023-04-01

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Information disclosure

EUVDB-ID: #VU70005

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20471

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error within the Bluetooth component. A local application can gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Out-of-bounds write

EUVDB-ID: #VU74507

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32599

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a logic error within rpmb. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper input validation

EUVDB-ID: #VU74508

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20652

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper input validation

EUVDB-ID: #VU74509

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20653

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper input validation

EUVDB-ID: #VU74510

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20654

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper input validation

EUVDB-ID: #VU74511

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20655

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a parcel format mismatch within mmsdk. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Write-what-where Condition

EUVDB-ID: #VU74512

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20656

CWE-ID: CWE-123 - Write-what-where Condition

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a logic error within geniezone. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Out-of-bounds write

EUVDB-ID: #VU74513

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20657

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within mtee. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: before 13 2023-04-05

http://source.android.com/docs/security/bulletin/2023-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.