# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-30756 |
|
|
|
2022-07-12 |
2022-07-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder. |
2 |
CVE-2022-30754 |
|
|
|
2022-07-12 |
2022-07-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker. |
3 |
CVE-2022-30722 |
|
|
Bypass |
2022-06-07 |
2022-06-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. |
4 |
CVE-2022-28781 |
20 |
|
|
2022-05-03 |
2022-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. |
5 |
CVE-2022-27836 |
22 |
|
Dir. Trav. |
2022-04-11 |
2022-04-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access. |
6 |
CVE-2022-27830 |
20 |
|
|
2022-04-11 |
2022-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
7 |
CVE-2022-27829 |
20 |
|
|
2022-04-11 |
2022-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
8 |
CVE-2022-27828 |
20 |
|
|
2022-04-11 |
2022-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
9 |
CVE-2022-27827 |
20 |
|
|
2022-04-11 |
2022-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
10 |
CVE-2022-27826 |
20 |
|
|
2022-04-11 |
2022-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
11 |
CVE-2022-27574 |
787 |
|
|
2022-04-11 |
2022-04-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. |
12 |
CVE-2022-27567 |
476 |
|
|
2022-04-11 |
2022-04-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. |
13 |
CVE-2022-26097 |
476 |
|
|
2022-04-11 |
2022-04-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
14 |
CVE-2022-26096 |
476 |
|
|
2022-04-11 |
2022-04-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
15 |
CVE-2022-26095 |
476 |
|
|
2022-04-11 |
2022-04-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
16 |
CVE-2022-26094 |
476 |
|
|
2022-04-11 |
2022-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
17 |
CVE-2022-26093 |
476 |
|
|
2022-04-11 |
2022-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
18 |
CVE-2022-26092 |
787 |
|
Exec Code |
2022-04-11 |
2022-04-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. |
19 |
CVE-2022-25818 |
119 |
|
Exec Code Overflow |
2022-03-10 |
2022-03-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. |
20 |
CVE-2022-25328 |
78 |
|
|
2022-02-25 |
2022-03-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above |
21 |
CVE-2022-24928 |
|
|
|
2022-03-10 |
2022-03-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. |
22 |
CVE-2022-23587 |
190 |
|
Overflow |
2022-02-04 |
2022-02-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
23 |
CVE-2022-20236 |
119 |
|
Overflow |
2022-07-13 |
2022-07-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709 |
24 |
CVE-2022-20233 |
787 |
|
|
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A |
25 |
CVE-2022-20223 |
610 |
|
|
2022-07-13 |
2022-07-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534 |
26 |
CVE-2022-20220 |
22 |
|
Dir. Trav. Bypass |
2022-07-13 |
2022-07-25 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-219015884 |
27 |
CVE-2022-20190 |
|
|
|
2022-06-15 |
2022-06-24 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A |
28 |
CVE-2022-20186 |
20 |
|
Exec Code |
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A |
29 |
CVE-2022-20181 |
|
|
|
2022-06-15 |
2022-06-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A |
30 |
CVE-2022-20168 |
|
|
|
2022-06-15 |
2022-06-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A |
31 |
CVE-2022-20156 |
20 |
|
Exec Code |
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212803946References: N/A |
32 |
CVE-2022-20153 |
416 |
|
|
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel |
33 |
CVE-2022-20147 |
787 |
|
|
2022-06-15 |
2022-06-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221216105 |
34 |
CVE-2022-20144 |
|
|
|
2022-06-15 |
2022-12-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-250637906 |
35 |
CVE-2022-20142 |
|
|
Exec Code |
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962 |
36 |
CVE-2022-20138 |
|
|
|
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972 |
37 |
CVE-2022-20135 |
|
|
|
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220303465 |
38 |
CVE-2022-20134 |
20 |
|
|
2022-06-15 |
2022-06-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397 |
39 |
CVE-2022-20133 |
|
|
Bypass |
2022-06-15 |
2022-06-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206807679 |
40 |
CVE-2022-20131 |
787 |
|
|
2022-06-15 |
2022-06-24 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221856662 |
41 |
CVE-2022-20125 |
|
|
Bypass |
2022-06-15 |
2022-06-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 |
42 |
CVE-2022-20124 |
|
|
Bypass |
2022-06-15 |
2022-12-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-170646036 |
43 |
CVE-2022-20123 |
125 |
|
|
2022-06-15 |
2022-06-23 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221852424 |
44 |
CVE-2022-20116 |
|
|
|
2022-05-10 |
2022-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212467440 |
45 |
CVE-2022-20114 |
269 |
|
Bypass |
2022-05-10 |
2022-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211114016 |
46 |
CVE-2022-20113 |
|
|
Exec Code |
2022-05-10 |
2022-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-205996517 |
47 |
CVE-2022-20009 |
787 |
|
|
2022-05-10 |
2022-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel |
48 |
CVE-2022-20005 |
|
|
Exec Code |
2022-05-10 |
2022-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-219044664 |
49 |
CVE-2022-20004 |
276 |
|
|
2022-05-10 |
2022-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767 |
50 |
CVE-2021-39814 |
787 |
|
|
2022-04-12 |
2022-04-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A |