CVE-2022-20164

CVE-2022-20164 is listed in the Pixel security bulletin as an Elevation of Privilege (EoP) affecting the Modem component, tied to the Android kernel. The connected Pixel bulletin entry confirms the issue is categorized as EoP for Modem with no public exploit details provided in the documents. The...

CVE-2022-20151

CVE-2022-20151 is listed in Pixel security patches as an Information Disclosure (Type: ID) affecting the Modem component on Google Pixel devices. The Android bug ID associated is A-210712565. Public sources also flag it as related to the Android kernel in the CVE context, with no explicit exploit...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5417-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5417-1 advisory. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2...

SUSE SLES12 Security Update : kernel (Live Patch 22 for SLE 12 SP4) (SUSE-SU-2022:1318-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1318-1 advisory. - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel CVE-2021-39713 - A use-after-free flaw was found i...

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1255-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1255-1 advisory. The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:1196-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1196-1 advisory. - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel CVE-2021-39713 - ...

CVE-2021-39796

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

CVE-2021-39800

In ionioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2021-39796

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

Amazon Linux 2 : kernel, --advisory ALAS2-2022-1768 (ALAS-2022-1768)

The version of kernel installed on the remote host is prior to 4.14.273-207.502. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1768 advisory. A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw...

Code injection

imsex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify the caller's permissions?so that normal apps No phone permissions can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634...

AlmaLinux 8 : wpa_supplicant (ALSA-2021:1686)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:1686 advisory. - In p2pcopyclientinfo of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target devi...

Design/Logic Flaw

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Heap overflow

In C2SoftMP3::process of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

CVE-2021-39645

Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A...

CVE-2021-1027

In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2021-0990

In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction ...

Memory corruption

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Information disclosure

In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Design/Logic Flaw

In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...