7 matches found
EUVD-2025-201769
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48586
Summary: CVE-2025-48586 relates to Android's EditFdnContactScreen.java: In onActivityResult, a confused-deputy flaw could leak contacts from the work profile, enabling local elevation of privilege with no extra privileges and no user interaction. Affected component: Android app code path in EditF...
CVE-2022-20217
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378...
Code injection
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378...
CVE-2022-20217
CVE-2022-20217 stems from an authorization weakness in Android’s SprdContactsProvider, enabling a third-party app to trigger an unauthorized broadcast that could delete FDN contacts. Connected sources (PT-2022-4134, NVD entry) confirm the vulnerability in SprdContactsProvider with Android telepho...
CVE-2022-20217
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact.Product: AndroidVersions: Android SoCAndroid ID: A-232441378...
ASB-A-232441378
There is a unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact...