CVE-2022-20417 AudioTransportsToHal in HidlUtils.cpp has a possible out of bounds write due to a bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
An out of bounds write has been found in the audioTransportToHal() function of HidlUtils.cpp. By sending a large audio chunk (at least 10MB) in
CVE-2022-20410 Avrc_pars_ctrl_pars_vendor_rsp has an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.
This issue has been fixed in the latest Google Android releases. Google released the patch updated for these versions: Android 6.0.1, 7.0,
CVE-2022-20422 In the armv8_deprecated.c emulation_proc_handler, there is a race condition that can corrupt memory. This could lead to local escalation of privilege with no additional execution privileges needed.
This issue has been addressed by Google by updating the kernel. It is recommended to apply the vendor updates as soon as possible. At the
CVE-2022-20423 In rndis_set_response of rndis.c, there is an integer overflow that could lead to local escalation of privilege if a malicious USB device is attached.
This issue has been fixed in the latest version of the kernel as of version 4.15. The update can be installed using the standard
CVE-2022-20421 In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.
This issue has been fixed in the latest version of Google's mobile operating system, version 6.0. This issue is related to the
Episode
00:00:00
00:00:00