| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-33704 |
20 |
|
|
2022-07-12 |
2022-07-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. |
|
2 |
CVE-2022-33703 |
20 |
|
|
2022-07-12 |
2022-07-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. |
|
3 |
CVE-2022-33695 |
732 |
|
|
2022-07-12 |
2022-07-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. |
|
4 |
CVE-2022-30755 |
287 |
|
Bypass |
2022-07-12 |
2022-07-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. |
|
5 |
CVE-2022-30726 |
|
|
|
2022-06-07 |
2022-06-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. |
|
6 |
CVE-2022-27821 |
125 |
|
DoS |
2022-04-11 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. |
|
7 |
CVE-2022-27576 |
668 |
|
|
2022-04-11 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission |
|
8 |
CVE-2022-27575 |
668 |
|
|
2022-04-11 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. |
|
9 |
CVE-2022-26091 |
287 |
|
Bypass |
2022-04-11 |
2022-04-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. |
|
10 |
CVE-2022-25832 |
287 |
|
|
2022-04-11 |
2022-04-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. |
|
11 |
CVE-2022-25822 |
416 |
|
|
2022-03-10 |
2022-03-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. |
|
12 |
CVE-2022-25815 |
|
|
|
2022-03-10 |
2022-03-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
|
13 |
CVE-2022-25814 |
|
|
|
2022-03-10 |
2022-03-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
|
14 |
CVE-2022-24931 |
863 |
|
|
2022-03-10 |
2022-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission |
|
15 |
CVE-2022-22292 |
|
|
|
2022-02-11 |
2022-02-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. |
|
16 |
CVE-2022-22270 |
552 |
|
|
2022-01-10 |
2022-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. |
|
17 |
CVE-2022-20228 |
416 |
|
Mem. Corr. |
2022-07-13 |
2022-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213850092 |
|
18 |
CVE-2022-20218 |
269 |
|
Exec Code |
2022-07-13 |
2022-07-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044 |
|
19 |
CVE-2022-20212 |
1021 |
|
|
2022-07-13 |
2022-07-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-182282630 |
|
20 |
CVE-2022-20207 |
|
|
Bypass |
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714 |
|
21 |
CVE-2022-20204 |
|
|
|
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100 |
|
22 |
CVE-2022-20203 |
|
|
|
2022-06-15 |
2022-06-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
23 |
CVE-2022-20202 |
787 |
|
Overflow |
2022-06-15 |
2022-06-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204704614 |
|
24 |
CVE-2022-20201 |
787 |
|
|
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-220733817 |
|
25 |
CVE-2022-20197 |
|
|
Bypass |
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300 |
|
26 |
CVE-2022-20194 |
|
|
Bypass |
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510 |
|
27 |
CVE-2022-20193 |
|
|
Exec Code |
2022-06-15 |
2022-06-24 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116 |
|
28 |
CVE-2022-20192 |
|
|
Bypass |
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215912712 |
|
29 |
CVE-2022-20185 |
416 |
|
|
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A |
|
30 |
CVE-2022-20183 |
787 |
|
|
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188911154References: N/A |
|
31 |
CVE-2022-20178 |
787 |
|
Overflow |
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224932775References: N/A |
|
32 |
CVE-2022-20166 |
787 |
|
Overflow |
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel |
|
33 |
CVE-2022-20165 |
125 |
|
|
2022-06-15 |
2022-06-24 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220868345References: N/A |
|
34 |
CVE-2022-20162 |
125 |
|
|
2022-06-15 |
2022-06-24 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A |
|
35 |
CVE-2022-20159 |
125 |
|
|
2022-06-15 |
2022-06-23 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210971465References: N/A |
|
36 |
CVE-2022-20154 |
362 |
|
|
2022-06-15 |
2022-06-24 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel |
|
37 |
CVE-2022-20152 |
787 |
|
|
2022-06-15 |
2022-06-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006198References: N/A |
|
38 |
CVE-2022-20143 |
400 |
|
DoS |
2022-06-15 |
2022-06-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-220735360 |
|
39 |
CVE-2022-20132 |
125 |
|
|
2022-06-15 |
2022-06-23 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel |
|
40 |
CVE-2022-20129 |
20 |
|
DoS |
2022-06-15 |
2022-06-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 |
|
41 |
CVE-2022-20112 |
269 |
|
Bypass |
2022-05-10 |
2022-05-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-206987762 |
|
42 |
CVE-2022-20002 |
863 |
|
|
2022-03-30 |
2022-04-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657 |
|
43 |
CVE-2021-39806 |
415 |
|
|
2022-06-15 |
2022-06-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420 |
|
44 |
CVE-2021-39804 |
476 |
|
DoS Exec Code |
2022-04-12 |
2022-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215002587 |
|
45 |
CVE-2021-39803 |
416 |
|
|
2022-04-12 |
2022-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-193790350 |
|
46 |
CVE-2021-39789 |
863 |
|
|
2022-03-30 |
2022-04-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906 |
|
47 |
CVE-2021-39786 |
787 |
|
|
2022-03-30 |
2022-04-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247 |
|
48 |
CVE-2021-39784 |
269 |
|
|
2022-03-30 |
2022-04-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-200163477 |
|
49 |
CVE-2021-39783 |
269 |
|
|
2022-03-30 |
2022-04-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-197960597 |
|
50 |
CVE-2021-39782 |
269 |
|
|
2022-03-30 |
2022-04-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202760015 |
