CVE-2022-20356
- EPSS 0.11%
- Veröffentlicht 10.08.2022 20:15:27
- Zuletzt bearbeitet 08.09.2025 19:15:32
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution pr...
CVE-2022-20357
- EPSS 0.1%
- Veröffentlicht 10.08.2022 20:15:27
- Zuletzt bearbeitet 21.11.2024 06:42:39
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat...
CVE-2022-20358
- EPSS 0.18%
- Veröffentlicht 10.08.2022 20:15:27
- Zuletzt bearbeitet 03.09.2025 19:15:32
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User ...
CVE-2022-20360
- EPSS 0.19%
- Veröffentlicht 10.08.2022 20:15:27
- Zuletzt bearbeitet 20.10.2025 18:15:36
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploita...
CVE-2022-20239
- EPSS 0.25%
- Veröffentlicht 10.08.2022 20:15:26
- Zuletzt bearbeitet 20.10.2025 18:15:35
remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploite...
- EPSS 0.09%
- Veröffentlicht 10.08.2022 20:15:26
- Zuletzt bearbeitet 21.11.2024 06:42:37
In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...
CVE-2022-20345
- EPSS 0.4%
- Veröffentlicht 10.08.2022 20:15:26
- Zuletzt bearbeitet 20.10.2025 18:15:35
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20346
- EPSS 0.41%
- Veröffentlicht 10.08.2022 20:15:26
- Zuletzt bearbeitet 20.10.2025 18:15:36
In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interacti...
CVE-2022-20347
- EPSS 0.81%
- Veröffentlicht 10.08.2022 20:15:26
- Zuletzt bearbeitet 20.10.2025 18:15:36
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interac...
CVE-2022-20348
- EPSS 0.11%
- Veröffentlicht 10.08.2022 20:15:26
- Zuletzt bearbeitet 21.11.2024 06:42:38
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. ...