26 matches found
CVE-2026-20425
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539...
CVE-2026-20414
CVE-2026-20414 affects the imgsys component. The issue is a use-after-free vulnerability that can enable local privilege escalation if an attacker already holds System privileges. Exploitation reportedly requires no user interaction. The advisory notes a patch: ALPS10362999 (Issue MSV-5625). Conn...
CVE-2025-20783
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684...
CVE-2023-20697
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148...
CVE-2023-20677
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436...
CVE-2023-21048
In handleEvent of nan.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
CVE-2023-20789
In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193...
PT-2024-10645 · Mediatek · Mediatek Audio Driver
Name of the Vulnerable Software and Affected Versions: MediaTek audio driver affected versions not specified Description: The issue is related to a missing bounds check in the mtkscoaudio debugfs, combined with weakened SELinux policies. This could allow for an arbitrary kernel memory write,...
CVE-2024-20117
In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008925; Issue ID: MSV-1681...
PT-2024-18540 · Gnss · Gnss
Name of the Vulnerable Software and Affected Versions: gnss affected versions not specified Description: The issue is related to a missing bounds check in gnss, which could lead to a local escalation of privilege. System execution privileges are needed for exploitation, and user interaction is no...
CVE-2023-20823
In cmdq, there is a possible out of bounds read due to an incorrect status check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08021592; Issue ID: ALPS08021592...
SUSE CVE-2023-21264
In multiple functions of memprotect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-20798
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076...
PT-2023-17957 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the inviteInternal function of p2p iface.cpp due to a missing bounds check. This could lead to local information disclosure, requiring System...
PT-2023-17608 · Vcu · Vcu
Name of the Vulnerable Software and Affected Versions: vcu affected versions not specified Description: The issue is related to a possible out of bounds write due to improper locking, which could lead to local escalation of privilege. System execution privileges are needed for exploitation, and...
CVE-2023-20677
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436...
PT-2023-17841 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the load png image function of ExynosHWCHelper.cpp due to improper input validation. This could lead to local escalation of privilege, requiring System...
PT-2023-17839 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the append camera metadata function of camera metadata.c due to a missing bounds check. This could lead to local information disclosure, requiring System...
PT-2023-17769 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the btu ble rc param req evt function of btu hcif.cc due to a missing bounds check. This could lead to local information disclosure, requiring...
PT-2022-21406 · Jpeg · Jpeg
Name of the Vulnerable Software and Affected Versions: jpeg affected versions not specified Description: The issue is related to a possible use after free due to a race condition. This could lead to local escalation of privilege, with System execution privileges needed. User interaction is not...