453 matches found
CVE-2022-20306
In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794...
CVE-2022-20306
In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794...
CVE-2022-20256
In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821...
CVE-2022-20256
In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821...
Race condition
In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821...
Memory corruption
In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794...
Google Android 竞争条件问题漏洞
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. Google Android the Audio HAL component is vulnerable to a Competitive Condition Issue vulnerability that stems from a competitive condition and may be open to out-of-bounds writes...
CVE-2022-20306
CVE-2022-20306 affects Android 13 via the Camera Provider HAL. The issue is a memory corruption due to a use-after-free in the Camera Provider HAL, enabling local elevation of privileges with SYSTEM rights and no user interaction required. The vulnerability impact is described as local EoP with h...
CVE-2022-20306
In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794...
CVE-2022-20256
The CVE-2022-20256 issue affects Android 13’s Audio HAL, where a race condition can cause an out-of-bounds write. This could enable local escalation of privileges to System level without user interaction. The description is consistent across Android/Open Source and Red Hat/NVD entries, and it is ...
CVE-2022-20256
In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222572821...
PT-2022-14532 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not...
PT-2022-14479 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to Android-13 Description: The issue is related to a race condition in the Audio HAL, which could result in an out of bounds write. This could potentially lead to local escalation of privilege, requiring System executio...
Improper Verification of Cryptographic Signature in node-forge
Impact RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches The issue has been...
GHSA-X4JG-MJRX-434G Improper Verification of Cryptographic Signature in node-forge
Impact RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches The issue has been...
Improper Verification of Cryptographic Signature in node-forge
Impact RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS1 encoded message to forge a signature when a low public exponent is being used. Patches The...
Google Android arbitrary memory write vulnerability
Google Android is a Linux-based open-source operating system from Google, Inc. Google Android is vulnerable to arbitrary memory writes, which can be exploited by attackers to perform arbitrary memory writes and code execution due to incorrect boundary checking in the edenruntime hal service...
CVE-2022-23428
An improper boundary check in edenruntime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...
CVE-2022-23428
An improper boundary check in edenruntime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...
CVE-2022-23429
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash...