CVE-2020-13841

An issue was discovered on LG mobile devices with Android OS 9 and 10 MTK chipsets. An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 June 2020...

Command injection

An issue was discovered on LG mobile devices with Android OS 9 and 10 MTK chipsets. An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 June 2020...

CVE-2020-13843

Technical details about CVE-2020-13843 are not provided in the supplied documents; monitor for updates.

CVE-2020-13842

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 June 2020...

CVE-2020-13841

An issue was discovered on LG mobile devices with Android OS 9 and 10 MTK chipsets. An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 June 2020...

CVE-2020-13840

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 June 2020...

CVE-2020-13839

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 MTK chipsets. Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 June 2020...

Design/Logic Flaw

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 May 2020...

CVE-2020-12754

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 May 2020...

CVE-2020-12754

CVE-2020-12754 affects LG mobile devices running Android 7.2, 8.0, 8.1, 9, and 10. A crafted app can obtain control of device input through the window system service, enabling partial to high impact on confidentiality, integrity, and availability as per CVSS metrics. Root cause centered on window...

CVE-2020-12753

Summary (CVE-2020-12753): LG mobile devices running Android 7.2–10 are affected by an EL1/EL3 coldboot vulnerability in the bootloader affecting the raw_resources partition, enabling arbitrary code execution. The issue is identified as LG internal tag LVE-SMP-200006 (May 2020). Public sources in ...

CVE-2020-12753

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving rawresources. The LG ID is LVE-SMP-200006 May 2020...

CVE-2020-8899

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O8.x, P9.0 and Q10.0. An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an...

CVE-2020-8899 Memory corruption in Quram library when decoding qmg can lead to RCE

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O8.x, P9.0 and Q10.0. An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an...

CVE-2020-8899 Samsung Quarm RCE via MMS

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung’s Android OS versions O8.x, P9.0 and Q10.0. An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an...

CVE-2020-11875

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 MTK chipsets software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 February 2020...

CVE-2020-11873

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID is LVE-SMP-200005 April 2020...

CVE-2020-11874

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection FRP. The LG ID is LVE-SMP-200004 March 2020...

CVE-2019-20784

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 MTK chipsets software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 January 2019...

CVE-2019-20785

An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 January 2019...