CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-20408 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A
2 CVE-2022-20407 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A
3 CVE-2022-20406 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A
4 CVE-2022-20405 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A
5 CVE-2022-20404 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/A
6 CVE-2022-20403 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A
7 CVE-2022-20402 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A
8 CVE-2022-20401 125 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post-authentication with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-226446030References: N/A
9 CVE-2022-20400 787 Exec Code 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225178325References: N/A
10 CVE-2022-20384 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A
11 CVE-2022-20383 190 Overflow 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222408847References: N/A
12 CVE-2022-20382 787 Overflow 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-214245176References: Upstream kernel
13 CVE-2022-20381 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A
14 CVE-2022-20380 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-212625740References: N/A
15 CVE-2022-20379 416 Exec Code 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209436980References: N/A
16 CVE-2022-20378 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A
17 CVE-2022-20377 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222339795References: N/A
18 CVE-2022-20376 416 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216130110References: N/A
19 CVE-2022-20375 125 DoS Exec Code 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180956894References: N/A
20 CVE-2022-20374 326 Bypass 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
On specific devices, there is a possible bypass of configuration integrity due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201078231References: N/A
21 CVE-2022-20373 362 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208269510References: N/A
22 CVE-2022-20372 416 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195480799References: N/A
23 CVE-2022-20371 362 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195565510References: Upstream kernel
24 CVE-2022-20370 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-215730643References: N/A
25 CVE-2022-20369 787 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel
26 CVE-2022-20368 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel
27 CVE-2022-20367 190 Overflow 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In construct_transaction of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225877459References: N/A
28 CVE-2022-20366 190 Overflow 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-225877745References: N/A
29 CVE-2022-20365 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-229632566References: N/A
30 CVE-2022-20254 269 Bypass 2022-08-12 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-223377547
31 CVE-2022-20253 DoS 2022-08-12 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In Bluetooth, there is a possible cleanup failure due to an uncaught exception. This could lead to remote denial of service in Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545125
32 CVE-2022-20239 610 2022-08-10 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091
33 CVE-2022-20238 119 Overflow 2022-07-13 2022-07-26
10.0
None Remote Low Not required Complete Complete Complete
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555
34 CVE-2022-20237 Exec Code 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229621649References: N/A
35 CVE-2022-20236 119 Overflow 2022-07-13 2022-07-25
7.8
None Remote Low Not required None None Complete
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709
36 CVE-2022-20233 787 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A
37 CVE-2022-20227 125 Overflow 2022-07-13 2022-07-26
2.1
None Local Low Not required Partial None None
In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216825460References: Upstream kernel
38 CVE-2022-20217 863 2022-07-13 2022-07-20
0.0
None ??? ??? ??? ??? ??? ???
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378
39 CVE-2022-20216 2022-07-13 2022-07-21
10.0
None Remote Low Not required Complete Complete Complete
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916
40 CVE-2022-20210 2022-06-15 2022-06-24
10.0
None Remote Low Not required Complete Complete Complete
The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888
41 CVE-2022-20191 2022-06-15 2022-06-24
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A
42 CVE-2022-20190 2022-06-15 2022-06-24
7.8
None Remote Low Not required Complete None None
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A
43 CVE-2022-20188 2022-06-15 2022-06-24
5.0
None Remote Low Not required Partial None None
Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A
44 CVE-2022-20186 20 Exec Code 2022-06-15 2022-06-24
7.2
None Local Low Not required Complete Complete Complete
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A
45 CVE-2022-20185 416 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A
46 CVE-2022-20184 2022-06-15 2022-06-24
5.0
None Remote Low Not required Partial None None
Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A
47 CVE-2022-20183 787 2022-06-15 2022-06-24
4.6
None Local Low Not required Partial Partial Partial
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188911154References: N/A
48 CVE-2022-20182 2022-06-15 2022-06-24
2.1
None Local Low Not required Partial None None
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222348453References: N/A
49 CVE-2022-20181 2022-06-15 2022-06-24
7.8
None Remote Low Not required None None Complete
Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A
50 CVE-2022-20180 Exec Code 2022-08-11 2022-08-13
0.0
None ??? ??? ??? ??? ??? ???
In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212804042References: N/A
Total number of vulnerabilities : 918   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.