Vulnerabilities > Google > Android > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-20239 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091
network
low complexity
google CWE-610
critical
9.8
2022-07-13 CVE-2022-20216 Unspecified vulnerability in Google Android
android exported is used to set third-party app access permissions, and the default value of intent-filter is true.
network
low complexity
google
critical
10.0
2022-07-13 CVE-2022-20222 Out-of-bounds Write vulnerability in Google Android 12.0/12.1
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check.
network
low complexity
google CWE-787
critical
10.0
2022-07-13 CVE-2022-20229 Out-of-bounds Write vulnerability in Google Android
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check.
network
low complexity
google CWE-787
critical
10.0
2022-07-13 CVE-2022-20238 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555
network
low complexity
google CWE-119
critical
10.0
2022-06-15 CVE-2022-20140 Out-of-bounds Write vulnerability in Google Android 12.0/12.1
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check.
network
low complexity
google CWE-787
critical
10.0
2022-06-15 CVE-2022-20145 Unspecified vulnerability in Google Android 11.0
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack.
network
low complexity
google
critical
10.0
2022-06-15 CVE-2022-20160 Unspecified vulnerability in Google Android
Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A
network
low complexity
google
critical
10.0
2022-06-15 CVE-2022-20164 Unspecified vulnerability in Google Android
Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A
network
low complexity
google
critical
10.0
2022-06-15 CVE-2022-20167 Unspecified vulnerability in Google Android
Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A
network
low complexity
google
critical
10.0