CVE-2024-36503

CVE-2024-36503 is a memory management vulnerability in the Gralloc module (Huawei HarmonyOS/EMUI context). The vulnerability can affect availability; CVSS indicates a local attack vector with low complexity and no user interaction. Exploitation details are not provided in the public documents; on...

CVE-2024-36503

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability...

PT-2024-27038 · Gralloc · Gralloc

Name of the Vulnerable Software and Affected Versions: Gralloc module affected versions not specified Description: The issue is related to a memory management vulnerability in the Gralloc module. Successful exploitation of this vulnerability will affect availability. Recommendations: At the momen...

Huawei 手机安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. A memory management vulnerability exists in Huawei...

Google Pixel Security Breach

Google Pixel is a smartphone from Google, Inc. in the United States. Google Pixel suffers from a security vulnerability that stems from a logic error in the code of privatehandlet in maligrallocbuffer.h, which may allow information leakage...

CVE-2023-22808

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0...

CVE-2023-22808

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0...

Design/Logic Flaw

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0...

PT-2023-18708 · Arm · Arm Android Gralloc Module

Name of the Vulnerable Software and Affected Versions: Arm Android Gralloc Module versions r24p0 through r41p0 before r42p0 Description: An issue was discovered in the Arm Android Gralloc Module, allowing a non-privileged user to read a small portion of the allocator process memory...

CVE-2023-22808

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0...

CVE-2023-22808

The CVE-2023-22808 entry describes an improper memory access in the Arm Android Gralloc Module (Mali GPU Kernel Driver) where a non-privileged user can read a small portion of the allocator process memory. Affected are Arm Mali variants: Bifrost r24p0–r41p0 before r42p0, Valhall r24p0–r41p0 befor...

CVE-2023-22808

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0...

CVE-2022-20180

In several functions of maligrallocreference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

PT-2022-14410 · Unknown · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: In several functions of mali gralloc reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed...

CVE-2022-20119

In privatehandlet of maligrallocbuffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Input validation

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A...

CVE-2018-6241

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A...

CVE-2018-6241

The CVE-2018-6241 issue affects the NVIDIA Tegra Gralloc module in the driver, where missing input validation in the registerbuffer API could allow arbitrary code execution, denial of service, or privilege escalation. The NVIDIA SHIELD TV security bulletin lists this CVE as high severity (base sc...

CVE-2018-6241

NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A...

Google Android Gralloc Qualcomm Component Elevation of Privilege Vulnerability

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Google Android Gralloc Qualcomm component. An attacker can exploit this vulnerability to achieve elevation of...