PT-2022-14668 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: The issue is related to a missing permission check in the AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java. This could allow access to the microphone from the background,...

CVE-2022-20412

In fdtnexttag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...

CVE-2022-20358

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

Google Android Automotive OS (AAOS) 权限许可和访问控制问题漏洞

Google Android Automotive Os is an operating system and platform from Google, Inc. that runs directly on in-vehicle hardware. an elevation of privilege vulnerability exists in Google Android version 10 11, which originates in the wifi.requestToggleWifiActivity in AndroidManifest.xml...

CVE-2022-20144

In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2021-0483

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID:...

Mediatek 芯片 缓冲区错误漏洞

The Mediatek chip is a smartphone chipset from China's MediaTek Mediatek. A security vulnerability exists in the Mediatek chip that stems from incorrect ccu error handling, which may result in an out-of-bounds read. This could lead to the disclosure of information that requires system execution...

Mediatek 芯片 资源管理错误漏洞

Mediatek chips are smartphone chipsets from China's MediaTek Mediatek. A security vulnerability exists in the Mediatek chips, which stems from a possible memory corruption due to the use of m4u after its release, which could result in a local elevation of privilege that requires system execution...

CVE-2021-0430

In rwmfchandlereadop of rwmfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Google Android 缓冲区错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the System component of Google Android 10 and 11. An attacker can exploit this vulnerability to achieve remote code...

CVE-2021-0344

In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05437558...

CVE-2021-0357

In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442002...

CVE-2021-0352

In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05453809...

PT-2021-12991 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: The issue is related to a confused deputy in the updatePermissionSourcePackage function of PermissionManagerService.java, which could lead to a local escalation of privilege. This...

CVE-2020-0470

In extendframehighbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11...