Android 13 Security Release Notes

Published July 25, 2022 | Updated June 29, 2023

This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 13. Android 13 devices with a security patch level of 2022-09-01 or later are protected against these issues (Android 13, as released on AOSP, will have a default security patch level of 2022-09-01). To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues prior to publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository as part of the Android 13 release.

The severity assessment of issues in these release notes are based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

Announcements

  • The issues described in this document are addressed as part of Android 13. This information is provided for reference and transparency.
  • We would like to acknowledge and thank the security research community for their continued contributions towards securing the Android ecosystem.

Android and Google service mitigations

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

  • Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
  • The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

Android 13 vulnerability details

The sections below provide details for security vulnerabilities fixed as part of Android 13. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, and severity.

Android runtime

CVE References Type Severity
CVE-2013-0340 A-24901276 DoS Moderate

Framework

CVE References Type Severity
CVE-2022-20266 A-211757348 EoP High
CVE-2022-20301 A-200956614 EoP High
CVE-2022-20305 A-199751623 EoP High
CVE-2022-20443 A-194480991 EoP High
CVE-2022-20270 A-209005023 ID High
CVE-2022-20294 A-202160705 ID High
CVE-2022-20295 A-202160584 ID High
CVE-2022-20296 A-201794303 ID High
CVE-2022-20298 A-201416182 ID High
CVE-2022-20299 A-201415895 ID High
CVE-2022-20300 A-200956588 ID High
CVE-2022-20303 A-200573021 ID High
CVE-2022-20304 A-199751919 ID High
CVE-2022-20260 A-220865698 DoS High
CVE-2022-20246 A-230493191 EoP Moderate
CVE-2022-20250 A-226134095 EoP Moderate
CVE-2022-20255 A-222687217 EoP Moderate
CVE-2022-20268 A-210468836 EoP Moderate
CVE-2022-20271 A-207672635 EoP Moderate
CVE-2022-20278 A-205130113 EoP Moderate
CVE-2022-20281 A-204083967 EoP Moderate
CVE-2022-20282 A-204083104 EoP Moderate
CVE-2022-20312 A-192244925 EoP Moderate
CVE-2022-20331 A-181785557 EoP Moderate
CVE-2021-0734 A-189122911 ID Moderate
CVE-2021-0735 A-188913056 ID Moderate
CVE-2021-0975 A-180104273 ID Moderate
CVE-2022-20243 A-190199986 ID Moderate
CVE-2022-20249 A-226900861 ID Moderate
CVE-2022-20252 A-224547584 ID Moderate
CVE-2022-20262 A-218338453 ID Moderate
CVE-2022-20263 A-217935264 ID Moderate
CVE-2022-20272 A-207672568 ID Moderate
CVE-2022-20275 A-205836975 ID Moderate
CVE-2022-20276 A-205706731 ID Moderate
CVE-2022-20277 A-205145497 ID Moderate
CVE-2022-20279 A-204877302 ID Moderate
CVE-2022-20285 A-230868108 ID Moderate
CVE-2022-20287 A-204082784 ID Moderate
CVE-2022-20288 A-204082360 ID Moderate
CVE-2022-20289 A-203683960 ID Moderate
CVE-2022-20291 A-203430648 ID Moderate
CVE-2022-20293 A-202298672 ID Moderate
CVE-2022-20307 A-198782887 ID Moderate
CVE-2022-20309 A-194694094 ID Moderate
CVE-2022-20315 A-191058227 ID Moderate
CVE-2022-20316 A-190726121 ID Moderate
CVE-2022-20318 A-194694069 ID Moderate
CVE-2022-20320 A-187956596 ID Moderate
CVE-2022-20324 A-187042120 ID Moderate
CVE-2022-20328 A-184948501 ID Moderate
CVE-2022-20332 A-180019130 ID Moderate
CVE-2022-20336 A-177239688 ID Moderate
CVE-2022-20341 A-162952629 ID Moderate
CVE-2022-20322 A-187176993 ID Low
CVE-2022-20323 A-187176203 ID Low

Media Framework

CVE References Type Severity
CVE-2022-20290 A-203549963 EoP Moderate
CVE-2022-20325 A-186473060 EoP Moderate
CVE-2022-20247 A-229858836 ID Moderate
CVE-2022-20317 A-190199063 ID Moderate

Package

CVE References Type Severity
CVE-2022-20319 A-189574230 EoP Moderate

Platform

CVE References Type Severity
CVE-2022-20302 A-200746457 EoP Moderate
CVE-2022-20321 A-187176859 ID Moderate

Platform

CVE References Type Severity
CVE-2022-20265 A-212804898 EoP Moderate

System

CVE References Type Severity
CVE-2022-20283 A-233069336 RCE Critical
CVE-2022-20362 A-230756082 RCE Critical
CVE-2022-20292 A-202975040 EoP High
CVE-2022-20297 A-201561699 EoP High
CVE-2022-20330 A-181962588 EoP High
CVE-2021-0518 A-176541017 ID High
CVE-2022-20245 A-215005011 ID High
CVE-2022-20259 A-221431393 ID High
CVE-2022-20284 A-231986341 ID High
CVE-2022-20326 A-185235527 ID High
CVE-2022-20327 A-185126813 ID High
CVE-2022-20339 A-171572148 ID High
CVE-2022-20244 A-201083240 EoP Moderate
CVE-2022-20248 A-227619193 EoP Moderate
CVE-2022-20254 A-223377547 EoP Moderate
CVE-2022-20256 A-222572821 EoP Moderate
CVE-2022-20257 A-222289114 EoP Moderate
CVE-2022-20258 A-221893030 EoP Moderate
CVE-2022-20267 A-211646835 EoP Moderate
CVE-2022-20269 A-209062898 EoP Moderate
CVE-2022-20274 A-206470146 EoP Moderate
CVE-2022-20286 A-230866011 EoP Moderate
CVE-2022-20306 A-199680794 EoP Moderate
CVE-2022-20313 A-192206329 EoP Moderate
CVE-2022-20314 A-191876118 EoP Moderate
CVE-2022-20329 A-183410556 EoP Moderate
CVE-2022-20335 A-178014725 EoP Moderate
CVE-2022-20241 A-217185011 ID Moderate
CVE-2022-20242 A-231986212 ID Moderate
CVE-2022-20251 A-225881167 ID Moderate
CVE-2022-20261 A-219835125 ID Moderate
CVE-2022-20273 A-206478022 ID Moderate
CVE-2022-20280 A-204117261 ID Moderate
CVE-2022-20310 A-192663798 ID Moderate
CVE-2022-20311 A-192663553 ID Moderate
CVE-2022-20340 A-166269532 ID Moderate
CVE-2022-20342 A-143534321 ID Moderate
CVE-2022-20253 A-224545125 DoS Moderate
CVE-2022-20308 A-197874458 DoS Moderate
CVE-2022-20333 A-179161657 DoS Moderate
CVE-2022-20334 A-178800552 DoS Moderate

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

To learn how to check a device's security patch level, see Check and update your Android version.

Android 13, as released on AOSP, has a default security patch level of 2022-09-01. Android devices running Android 13 and with a security patch level of 2022-09-01 or later address all issues contained in these security release notes.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation Definition
RCE Remote code execution
EoP Elevation of privilege
ID Information disclosure
DoS Denial of service
N/A Classification not available

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

Prefix Reference
A- Android bug ID

Versions

Version Date Notes
1.0 July 25, 2022 Security Release Notes Published
1.1 August 8, 2022 Updated Issue List
1.2 September 21, 2022 Updated Issue List
1.3 October 11, 2022 Updated Issue List
1.4 March 28, 2022 Updated Issue List
1.5 June 29, 2023 Updated Issue List