Total
8334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20540 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506 | |||||
| CVE-2022-20537 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
| In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169 | |||||
| CVE-2025-20660 | 2 Google, Mediatek | 2 Android, Mt9972 | 2025-04-18 | N/A | N/A |
| In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186. | |||||
| CVE-2025-20657 | 2 Google, Mediatek | 14 Android, Mt6765, Mt6768 and 11 more | 2025-04-18 | N/A | N/A |
| In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609. | |||||
| CVE-2022-20587 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A | |||||
| CVE-2022-20586 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A | |||||
| CVE-2022-20600 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A | |||||
| CVE-2022-20598 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A | |||||
| CVE-2022-20577 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A | |||||
| CVE-2022-20589 | 1 Google | 1 Android | 2025-04-18 | N/A | 4.4 MEDIUM |
| In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A | |||||
| CVE-2022-20585 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A | |||||
| CVE-2022-20571 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel | |||||
| CVE-2022-20595 | 1 Google | 1 Android | 2025-04-18 | N/A | 4.4 MEDIUM |
| In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700137References: N/A | |||||
| CVE-2022-20575 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
| In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A | |||||
| CVE-2022-20572 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel | |||||
| CVE-2022-20579 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A | |||||
| CVE-2022-20574 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
| In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A | |||||
| CVE-2022-20576 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A | |||||
| CVE-2022-20581 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A | |||||
| CVE-2022-20582 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A | |||||