Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Android
(Google)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 6835 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-07 | CVE-2022-30727 | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | Android | 5.5 | ||
| 2022-06-07 | CVE-2022-30728 | Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | Android | 3.3 | ||
| 2022-03-30 | CVE-2021-39767 | In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542 | Android | 7.8 | ||
| 2022-05-10 | CVE-2021-39738 | In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509 | Android | 7.8 | ||
| 2022-05-10 | CVE-2022-20117 | In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A | Android | 5.5 | ||
| 2022-05-10 | CVE-2022-20118 | In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A | Android | 7.0 | ||
| 2022-05-10 | CVE-2022-20119 | In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A | Android | 5.5 | ||
| 2022-05-10 | CVE-2022-20120 | Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A | Android | 9.8 | ||
| 2022-05-10 | CVE-2022-20121 | In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A | Android | 5.5 | ||
| 2022-05-10 | CVE-2022-20113 | In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-205996517 | Android | 7.8 |