137 matches found
ASB-A-336648613
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-44095
Use-After-Free UAF vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash...
CVE-2023-44095
Use-After-Free UAF vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash...
Design/Logic Flaw
Use-After-Free UAF vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash...
CVE-2023-44095
CVE-2023-44095 is a Use-After-Free (UAF) vulnerability in the surfaceflinger module of HarmonyOS/Huawei implementations, with the underlying issue described as triggering a system crash. Multiple connected sources (NVD, Red Hat, CVE listing, CNNVD) corroborate the same description of impact, but ...
CVE-2023-44095
Use-After-Free UAF vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash...
CVE-2023-44095
Use-After-Free UAF vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash...
CVE-2022-20540
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20540
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Code injection
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20540
CVE-2022-20540 is a local-use-after-free vulnerability in Android’s SurfaceFlinger::doDump. Exploitation could permit arbitrary code execution and local escalation of privilege without user interaction. Affected: Android 13, via SurfaceFlinger component. The issue is documented across multiple fe...
CVE-2022-20540
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20540
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-1028
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-1027
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-1029
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-1027
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
Input validation
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-1029
CVE-2021-1029 affects the Android graphics SurfaceFlinger component. In setClientStateLocked, a use-after-free leads to an out-of-bounds write, enabling local privilege escalation with no extra execution privileges required. This vulnerability is reported across multiple sources (NVD, Red Hat, CN...
CVE-2021-1029
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...