CVE-2022-20228
- EPSS 0.56%
- Veröffentlicht 13.07.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:42:23
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
- EPSS 2.77%
- Veröffentlicht 13.07.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:42:24
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not nee...
CVE-2022-20230
- EPSS 0.09%
- Veröffentlicht 13.07.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:42:24
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is need...
CVE-2022-20234
- EPSS 0.34%
- Veröffentlicht 13.07.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:42:24
In Car Settings app, the NotificationAccessConfirmationActivity is exported. In NotificationAccessConfirmationActivity, it gets both 'mComponentName' and 'pkgTitle' from user.An unprivileged app can use a malicous mComponentName with a benign pkgTitl...
CVE-2022-20236
- EPSS 0.41%
- Veröffentlicht 13.07.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:42:24
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709
- EPSS 0.52%
- Veröffentlicht 13.07.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:42:25
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploit...
CVE-2022-20212
- EPSS 0.11%
- Veröffentlicht 13.07.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:42:21
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for expl...
- EPSS 0.52%
- Veröffentlicht 13.07.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:42:22
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916
CVE-2022-20217
- EPSS 0.3%
- Veröffentlicht 13.07.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:42:22
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378
CVE-2022-20218
- EPSS 0.12%
- Veröffentlicht 13.07.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:42:22
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...