In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 6.9
EPSS: 0.0004
PipMode actions could render icons with uri unauthorized to current app (even cross user)
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 6.6
EPSS: 0.0004
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 6.4
EPSS: 0.0004
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 3.3
AI Score: 6.4
EPSS: 0.0004
Integer overflow in avdt_msg_asmbl
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 8.8
AI Score: 7.1
EPSS: 0.0005
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 6.9
EPSS: 0.0004
ActivityOptions#makeLaunchIntoPip bypass FG-BG Restriction
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
ADP Grant - Enumerating other users' photos by posting a notification with nested RemoteViews
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
CursorWindow object writeToParcel leak uninitialized heap content to low privilege process
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 5.8
EPSS: 0.0004
[Bluetooth][SDP] OOB write in `SDP_AddAttributeToRecord`
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for...
CVSS: 8.8
AI Score: 7.8
EPSS: 0.0005
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
Control activityOptions via AddAccountSettings due to unsafe deserialization
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 6.9
EPSS: 0.0004
LaunchAnywhere in SysUI via media notification
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.4
EPSS: 0.0004
In multiple buttons of grant_permissions.xml, there is a possible way to bypass permissions dialogs due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
AI Score: 6.9
EPSS
"adb install -d" downgrades system apps
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
CVSS: 6.7
AI Score: 7.3
EPSS: 0.0004
[Out of Bounds Read in register_notification_rsp in btif_rc.cc in libbtif]
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 5.1
EPSS: 0.0004
Start foreground activity from background via LocationManager#requestFlush
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
[Security flaw in WI-FI reset settings]
In factoryReset of WifiServiceImpl.java, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to local non-security issues across resets with no additional execution privileges needed. User interaction is not needed for...
AI Score: 6.4
EPSS
Potential Intent Redirection issue in SettingsActivity of Settings app
In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
CVSS: 8.8
AI Score: 6.9
EPSS: 0.001
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVSS: 7.8
AI Score: 6.9
EPSS: 0.0005
[Mainline Fix] AttributionSource may incorrectly validate the calling uid and pid depending on usage
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
AI Score: 7
EPSS
[Platform Fix] AttributionSource may incorrectly validate the calling uid and pid depending on usage
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
AI Score: 7
EPSS
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
AI Score: 7.2
EPSS
Linux Kernel Race Condition leads to UAF in Unix Domain Socket and causes LPE in Android
In unix_stream_sendpage of af_unix.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
Permanent device denial of service due to a huge amount of scheduled alarms
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
AI Score: 6.9
EPSS: 0.0004
Permanent device denial of service due to improper input validation in AppOpsService
In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
AI Score: 6.9
EPSS: 0.0004
[Out of Bounds Write in internalGetVp8Params in SoftVP8Encoder.cpp in libstagefright_soft_vpxenc]
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
AI Score: 7.4
EPSS: 0.0004
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
AI Score: 7.3
EPSS: 0.0004
Granting access of protected ContentProviders on behalf of Launcher
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVSS: 7.8
AI Score: 7.1
EPSS: 0.0004
use-after-free in libstagefright_httplive
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 8.1
AI Score: 7.4
EPSS: 0.001
mtp_handle_fuzzer: Heap-use-after-free in android::MtpFfsHandle::doSendEvent
In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
AI Score: 7.4
EPSS: 0.0004
rtp_writer_fuzzer: Segv on unknown address in android::ARTPWriter::~ARTPWriter
In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
AI Score: 7.4
EPSS: 0.0004
Another Background starting activities restrictions bypass in CallRedirectionService
In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.4
EPSS: 0.0004
Privilege Escalation in com.android.providers.media.MediaProvider#DatabaseUtils.bindSelection
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 7.3
EPSS: 0.0004
Leak of cross-user contact data in FDN contact importation in Telephony
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 6.5
EPSS: 0.0004
[Bluetooth][GATT] gatts_process_* functions OOB write
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
CVSS: 9.8
AI Score: 8.1
EPSS: 0.001
EoP: Default IME to Device Administrator
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 6.9
EPSS: 0.0004
Hide a notification listener service via excessively long component names
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...
CVSS: 6.8
AI Score: 6.7
EPSS: 0.0005
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 6.4
EPSS: 0.0004
Heap buffer overflow in FreeType
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
CVSS: 9.8
AI Score: 8.1
EPSS: 0.001
an OOB write in resetLppTransposer Function in lpp_tran.cpp
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
CVSS: 8.8
AI Score: 8.1
EPSS: 0.001
Security - [Out of Bounds Write in rw_i93_send_to_upper in rw_i93.cc in libnfc-nci]
In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 7.4
EPSS: 0.0004
Permanent device denial of service due to OutOfMemoryError while system is turning on
In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for...
CVSS: 5.5
AI Score: 6.5
EPSS: 0.0004
Bypass DISALLOW_CONFIG_LOCATION to enable/disable wifi scanning via slice URI
In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVSS: 7.8
AI Score: 7.3
EPSS: 0.0004
Integer overflow in SkSLVMCodeGenerator
In multiple functions of SkSLFunctionDefinition.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged app with no additional execution privileges needed. User interaction is needed for...
CVSS: 9.6
AI Score: 8.1
EPSS: 0.006
In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 6.8
EPSS: 0.0004
Misleading UI design: Settings -> VPN
In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS: 7.8
AI Score: 6.8
EPSS: 0.0004
[ADP Grant] Guest user can see the trace logs recorded by Admin user by MainActivity
In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVSS: 5.5
AI Score: 5.9
EPSS: 0.0004
Missing locks in SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 compat code causing UAF used in the wild
In ctl_elem_read_user, ctl_elem_write_user of control_compat.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
CVSS: 7.9
AI Score: 8.1
EPSS: 0.001