137 matches found
UBUNTU-CVE-2020-0336
In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444...
Type confusion
In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444...
Design/Logic Flaw
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
CVE-2020-0336
In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444...
Race condition
In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563...
CVE-2020-0358
CVE-2020-0358: In Android's SurfaceFlinger, a race condition leads to a use-after-free vulnerability. This is a local elevation-of-privilege issue on Android 11, requiring System privileges with no user interaction. CVSS data (3.1) indicates LOCAL, HIGH-privileges, with Confidentiality/Integrity/...
CVE-2020-0358
In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563...
CVE-2020-0357
CVE-2020-0357 affects Android 11, specifically the SurfaceFlinger component. The issue is a use-after-free caused by improper locking, enabling local escalation of privilege in the graphics server without extra execution privileges or user interaction. Other documents confirm this CVE is addresse...
CVE-2020-0357
In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...
CVE-2020-0336
CVE-2020-0336 pertains to Android 11 SurfaceFlinger where memory corruption arises from a type confusion issue. The vulnerability enables local escalation of privilege with system-level execution privileges required, and exploitation does not require user interaction. Affected component: SurfaceF...
CVE-2020-0336
In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153467444...
CVE-2020-0392
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10...
ASB-A-150226608
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-150226994
In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-11828
In ColorOS oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP, RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the...
Design/Logic Flaw
In ColorOS oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP, RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the...
CVE-2020-11828
In ColorOS oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP, RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the...
CVE-2020-0063
In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911...
Design/Logic Flaw
In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911...
CVE-2020-0063
CVE-2020-0063 affects Android SurfaceFlinger, where the UI confirmation screen protected by the TEE can be overridden, enabling local elevation of privilege. Root cause: manipulation of the UI flow in SurfaceFlinger allows bypassing user interaction. Impact: local privilege escalation with high s...