Security Vulnerabilities - CVEs Published In June 2022
In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208842348References: N/A
CVSS Score
6.7
EPSS Score
0.0
Published
2022-06-15
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A
CVSS Score
7.8
EPSS Score
0.025
Published
2022-06-15
Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-15
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-15
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A
CVSS Score
9.8
EPSS Score
0.001
Published
2022-06-15
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215912712
CVSS Score
7.8
EPSS Score
0.0
Published
2022-06-15
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-212434116
CVSS Score
7.3
EPSS Score
0.0
Published
2022-06-15
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-222684510
CVSS Score
7.8
EPSS Score
0.0
Published
2022-06-15
In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420
CVSS Score
7.8
EPSS Score
0.0
Published
2022-06-15
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
CVSS Score
7.8
EPSS Score
0.0
Published
2022-06-15