Security Vulnerabilities - CVEs Published In March 2022
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVSS Score
7.8
EPSS Score
0.009
Published
2022-03-16
In onResume of CredentialStorage.java, there is a possible way to clean up content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-200164168
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-16
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-200688991
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-16
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206128341
CVSS Score
9.8
EPSS Score
0.006
Published
2022-03-16
In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208817618
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-16
Product: Android. Versions: Android kernel. Android ID: A-202160245. References: N/A
CVSS Score
9.8
EPSS Score
0.001
Published
2022-03-16
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154175781. References: Upstream kernel
CVSS Score
4.4
EPSS Score
0.001
Published
2022-03-16
In TBD of TBD, there is a possible use after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-176918884. References: N/A
CVSS Score
6.4
EPSS Score
0.0
Published
2022-03-16
Product: Android. Versions: Android kernel. Android ID: A-173788806. References: Upstream kernel
CVSS Score
7.0
EPSS Score
0.0
Published
2022-03-16
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205573273. References: Upstream kernel
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-16

