Security Vulnerabilities - CVEs Published In September 2022
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-13
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-13
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-13
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000
CVSS Score
9.8
EPSS Score
0.003
Published
2022-09-13
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-13
In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-13
In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-13
In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-234440688
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-13
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-13
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel
CVSS Score
5.5
EPSS Score
0.0
Published
2022-09-13