Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-65264

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Jan, 2026 | 00:00
Updated At-27 Jan, 2026 | 19:09
Rejected At-
Credits

The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Jan, 2026 | 00:00
Updated At:27 Jan, 2026 | 19:09
Rejected At:
▼CVE Numbering Authority (CNA)

The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cpuid.com/softwares/cpu-z.html
N/A
https://github.com/cwjchoi01/CVE-2025-65264
N/A
Hyperlink: https://www.cpuid.com/softwares/cpu-z.html
Resource: N/A
Hyperlink: https://github.com/cwjchoi01/CVE-2025-65264
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Jan, 2026 | 17:16
Updated At:06 Feb, 2026 | 19:58

The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
cpuid
cpuid
>>cpu-z>>Versions up to 2.17(inclusive)
cpe:2.3:a:cpuid:cpu-z:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-20
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/cwjchoi01/CVE-2025-65264cve@mitre.org
Exploit
Third Party Advisory
https://www.cpuid.com/softwares/cpu-z.htmlcve@mitre.org
Product
Hyperlink: https://github.com/cwjchoi01/CVE-2025-65264
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.cpuid.com/softwares/cpu-z.html
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

70Records found
CVE-2023-48354
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.70%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43449
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:15
Updated-02 May, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file read via download_server.

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2022-42477
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.69%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 16:06
Updated-23 Oct, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerFortiAnalyzer
CWE ID-CWE-20
Improper Input Validation
CVE-2022-37327
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 16.54%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-laprc510_firmwarenuc10i7fnhaa_firmwarecm8i3cb4nnuc12wski7nuc10i7fnk_firmwarenuc12wshi5elm12hbcnuc11tnhi3elm12hbc_firmwarenuc8cchbnuc11tnbi3elm12hbi5nuc11tnhi50z_firmwarenuc10i3fnhfnuc10i5fnhnnuc11tnki3_firmwarelapkc71f_firmwarenuc9vxqnx_firmwarenuc12wshi50z_firmwarenuc10i7fnhcnuc11tnbi5_firmwarenuc10i5fnknuc8i3pnh_firmwarenuc10i3fnkn_firmwarenuc11tnhi70qnuc11tnhi50w_firmwarenuc8cchkrn_firmwarenuc10i3fnhnuc11tnbi50z_firmwarelaprc710nuc10i5fnhjnuc10i3fnklapac71gnuc11atkpenuc11tnki70z_firmwarenuc9v7qnx_firmwarenuc12wski7_firmwarenuc12wsbi50z_firmwarenuc9vxqnxnuc11atkc4nuc11tnhi70z_firmwarenuc11atkpe_firmwarenuc10i5fnkpanuc10i3fnk_firmwarenuc10i5fnh_firmwarenuc12wski70znuc11tnhi50znuc12wsbi70zcm8i3cb4n_firmwarenuc10i3fnhnnuc8cchb_firmwarenuc11tnhi50lcm8ccb4r_firmwarenuc11tnki7nuc12wshi3_firmwarenuc11tnki30z_firmwarecm11ebc4w_firmwarenuc9vxqnbnuc11atkc4_firmwarelapbc710cm11ebi58w_firmwarecm11ebc4wnuc11btmi9nuc11tnbi70znuc12edbi7_firmwarenuc11tnhi3_firmwarenuc12wshi70zelm12hbi3_firmwarenuc11tnki7_firmwarenuc11tnbi5laprc710_firmwarenuc12wshi50znuc11tnhi70l_firmwarenuc11tnbi30z_firmwarenuc12wshi3nuc10i3fnhfanuc10i5fnhj_firmwarenuc10i7fnkn_firmwarenuc12wsbi3_firmwarenuc12wshi30lnuc12wshi30z_firmwarenuc12snki72vanuc11tnhi5nuc8cchkrnnuc10i7fnknnuc12wsbi70z_firmwarenuc12wski70z_firmwarenuc11atbc4_firmwarenuc12wsbi30znuc8i3pnb_firmwarenuc8i3pnbnuc12wsbi3nuc8cchkrnuc10i3fnhfa_firmwarenuc12wshi7cm11ebi38w_firmwarenuc11tnhi70lnuc10i5fnhf_firmwarenuc8i3pnhnuc11tnbi3_firmwareelm12hbi5_firmwarenuc10i5fnk_firmwarenuc11tnki50znuc11tnki70znuc8cchbnnuc11tnbi50znuc10i7fnknuc12dcmi7nuc11tnhi30p_firmwarenuc10i7fnhn_firmwarenuc11tnhi30llapbc710_firmwarelapkc51enuc8cchkr_firmwarenuc10i3fnhn_firmwarecm8ccb4rnuc10i5fnkn_firmwarelapkc71e_firmwareelm12hbi7_firmwarenuc12wski30znuc10i3fnhjanuc10i5fnhjanuc10i7fnhja_firmwarenuc12wsbi30z_firmwarecm8i5cb8nnuc12wshi5_firmwarenuc12wski5_firmwarenuc11atbc4nuc11dbbi7_firmwarenuc9vxqnb_firmwarenuc9v7qnbcm8pcb4r_firmwarenuc10i7fnhc_firmwarenuc8i3pnk_firmwarenuc12snki72va_firmwarelapbc510nuc10i3fnhja_firmwarenuc12edbi7lapac71h_firmwarenuc12wsbi50znuc11tnki50z_firmwarenuc11dbbi7cm8i5cb8n_firmwarenuc12dcmi9_firmwarenuc12wski5elm12hbi7lapac71hnuc10i5fnhja_firmwarenuc10i7fnkpanuc10i7fnh_firmwarenuc12wski50z_firmwarenuc11tnbi7nuc10i5fnkpnuc10i7fnhnnuc12wski3_firmwarecm8pcb4rnuc10i5fnkpa_firmwarenuc11dbbi9nuc11phki7caa_firmwarenuc8i3pnknuc11tnki5_firmwarenuc11tnbi30znuc12snki72_firmwareelm12hbi3nuc11tnki30zcm8i7cb8n_firmwarelaprc510cm11ebi38wnuc12wshi70z_firmwarenuc10i7fnhjacm8i7cb8nnuc12wsbi5_firmwarenuc10i7fnkpa_firmwarenuc12wski3nuc11tnbi7_firmwarenuc11tnhi70znuc12wshi30l_firmwarenuc12dcmi9nuc11tnhi5_firmwarenuc11tnbi70z_firmwarelapkc71flapkc51e_firmwarenuc11tnhi30pnuc11tnhi70q_firmwarecm11ebi716wnuc11tnki5nuc9v7qnb_firmwarenuc10i5fnhfnuc8cchbn_firmwarenuc11atkc2_firmwarelapbc510_firmwarenuc12snki72nuc12edbi9_firmwarenuc11phki7c_firmwarenuc11tnhi50wnuc11tnhi7cm11ebi716w_firmwarenuc10i5fnhnuc12edbi9nuc12wsbi5nuc10i5fnhca_firmwarenuc10i5fnkncm11ebi58wnuc11dbbi9_firmwarenuc11atkc2nuc11tnhi30znuc10i5fnkp_firmwarenuc10i7fnhnuc11tnhi50l_firmwarenuc9v7qnxlapac71g_firmwarenuc12dcmi7_firmwarenuc10i3fnknnuc10i7fnhaalapkc71enuc10i5fnhn_firmwarenuc11phki7cnuc12wski30z_firmwarenuc11tnhi30l_firmwarenuc10i7fnkpnuc12wski50znuc11tnhi7_firmwarenuc12wshi30znuc11tnki3nuc10i3fnhf_firmwarenuc10i7fnkp_firmwarenuc11btmi7_firmwarenuc11phki7caanuc10i5fnhcanuc10i3fnh_firmwarenuc11btmi9_firmwarenuc11tnhi30z_firmwarenuc12wshi7_firmwarenuc11btmi7Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged
CWE ID-CWE-20
Improper Input Validation
CVE-2024-45444
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.49%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 01:51
Updated-06 Sep, 2024 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36854
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.64%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-36929
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.70%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 19:35
Updated-12 Dec, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33715
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.82%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:17
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-26707
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.20%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:58
Updated-22 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-35136
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.65%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 01:16
Updated-05 Jun, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zldvpn100usg_20w-vpnatp100atp800usg_flex_200vpn50usg_flex_100atp100wusg_flex_50watp200atp700atp500usg_flex_700vpn1000vpn50wvpn300usg_flex_100wusg_flex_500usg_flex_50USG20(W)-VPN series firmwareATP series firmwareUSG FLEX 50(W) series firmwareUSG FLEX series firmwareVPN series firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20590
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20592
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20350
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:22
Updated-20 Oct, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228178437

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20353
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.80%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:23
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221041256

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20037
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.66%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6757cdmt8175mt6873mt6893mt8765mt6799mt8788mt6750mt6755smt8167mt6765mt6757cmt6891mt6737mt6883mt6853tmt6739mt6757mt6880mt6797mt6769mt6761mt6875mt6889mt8768mt8789mt8321mt6768mt8362amt8797mt8786mt8766mt6755mt6890mt6771mt8385mt6758mt6833mt6885mt6735mt6750smt6753mt6762mt6795mt6781mt6877mt8365mt6853mt8168androidmt6757chmt8185mt8791mt6779mt6785mt6763mt8173MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20019
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.38%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:56
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt6755smt6757mt6763mt6779mt6833mt6757cmt6853tmt6873mt6891mt6750mt6885mt6799mt6762mt6877mt6750smt6768mt6595mt6771mt6765mt6875mt6739mt6761mt6755mt6769mt6785mt6757cdmt6797mt6781mt6883mt6893mt6757chmt6735mt6737mt6795mt6753mt6889mt6758androidmt8768MT6595, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8768
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20020
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.38%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:57
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05943906; Issue ID: ALPS05943906.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt8765mt8385mt6833mt6885mt8788mt6877mt6785mt6781mt8365mt8167mt6853mt8168mt6739mt8768mt8789androidmt8797mt8185mt8321mt6768mt8362amt8791mt6779mt8786mt8766mt8173MT6739, MT6768, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20036
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.66%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6757cdmt8175mt6873mt6893mt8765mt6799mt8788mt6750mt6755smt8167mt6765mt6757cmt6891mt6737mt6883mt6853tmt6739mt6757mt6880mt6797mt6769mt6761mt6875mt6889mt8768mt8789mt8321mt6768mt8362amt8786mt8766mt6755mt6890mt6771mt8385mt6758mt6833mt6885mt6735mt6750smt6753mt6762mt6795mt6781mt6877mt8365mt6853mt8168androidmt6757chmt8185mt8791mt6779mt6785mt6763mt8173MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20017
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.66%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt6873mt6893mt8765mt8385mt6833mt6885mt8788mt6877mt8365mt8167mt6765mt6853mt8168mt8768mt8789androidmt8797mt8185mt8321mt8362amt8791mt6785mt8786mt8766mt8173MT6765, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20205
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.38%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215212561

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found