4 matches found
CVE-2021-0928
CVE-2021-0928 concerns an Elevation of Privilege in Android’s Media Framework. The vulnerability arises from a mismatch in parcel serialization/deserialization in createFromParcel of OutputConfiguration.java due to improper input validation, allowing local privilege elevation with no authenticate...
Design/Logic Flaw
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User...
CVE-2017-13286
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User...
CVE-2017-13286
CVE-2017-13286 affects Android 8.0 and 8.1, where in OutputConfiguration.java’s writeToParcel/readFromParcel a mismatched serialization permits a local permission bypass, enabling a user to start an activity with system privileges without extra execution privileges. No exploit details are provide...