The critical vulnerability is tracked as CVE-2022-20345 and it affects the System component. It has been patched with Android 12 and 12L updates.
According to Google, an attacker does not require additional execution privileges to remotely execute arbitrary code over a Bluetooth attack. No additional details are available about the vulnerability.
The remaining security bugs have all been assigned a ‘high severity’ rating. They impact components such as Framework, Media Framework, System, Kernel, Imagination Technologies, MediaTek, Unisoc and Qualcomm components. Many of them can lead to privilege escalation or information disclosure.
