13 matches found
CVE-2021-0966
In code generated by BuildParcelFields of generatecpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...
EUVD-2021-3585
Malicious code in bioql PyPI...
The vulnerability of the binder_txns_pending_ilocked() function in the drivers/android/binder.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the bindertxnspendingilocked function in the drivers/android/binder.c module of the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to compromise the confidentiality,...
PT-2022-1385
Name of the Vulnerable Software and Affected Versions Android kernel Description The issue is related to a possible use after free due to improper input validation in the binder transaction buffer release of binder.c. This could lead to local escalation of privilege with no additional execution...
Google Android Information Disclosure Vulnerability (CNVD-2021-101960)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that can be exploited by attackers to cause local information disclosure across Binder transactions without additional execution privileges...
CVE-2021-0966
In code generated by BuildParcelFields of generatecpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...
CVE-2021-0966
In code generated by BuildParcelFields of generatecpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...
Information disclosure
In code generated by BuildParcelFields of generatecpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...
CVE-2021-0966
CVE-2021-0966 affects Android 11 and 12. It arises from BuildParcelFields in generate_cpp.cpp, allowing a crafted parcelable to reveal uninitialized memory in a target process and cause local information disclosure across Binder transactions without extra privileges or user interaction. Impact is...
Google Android 信息泄露漏洞
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that can be exploited by attackers to cause local information disclosure across Binder transactions without additional execution privileges...
ASB-A-198346478
In code generated by BuildParcelFields of generatecpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could lead to local information disclosure across Binder transactions with no additional execution...
Calling getpidcon for One Way Binder Transactions Returns Wrong Security Context
The servicemanager, keystore and drmserver all use getpidcon function to get the security context of the caller from a binder. When combined with a one way binder transaction this results in getting the security context of the current process which might allow a selinux mac bypass. Recent...
UBUNTU-CVE-2018-20510
The printbindertransactionilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "from code flags" lines in a debugfs file...