Permanent denial of service via PackageManager#setMimeGroup
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
7.4AI Score
0.0004EPSS
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Permanent denial of service via ShortcutManager#addDynamicShortcuts with invalid Intent.mFlags
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.4AI Score
0.0004EPSS
In cropPhoto of EditUserPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0005EPSS
[Media Provider] Security Report - [EoP: Bypass Storage Restriction in Android 11]
In multiple locations of MediaProvider.java, there is a possible way to get read/write access to other applications’ dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed......
6.6AI Score
0.0004EPSS
Privilege Escalation in com.android.server.appwidget.AppWidgetServiceImpl#bindRemoteViewsService
In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
locale_fuzzer: Stack-buffer-overflow in ulocimp_toLanguageTag_71
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.7AI Score
0.001EPSS
Bundle writeToParcel/createFromParcel mismatch via LazyValue with negative length
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0004EPSS
Talkback reads notifications of non-current Android user
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
Installer apps that target SDK 33 are not able to install apps that use obb files
In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
[ASB Platform] [Pixploit] The bootloader libfdt bug
In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
6.8AI Score
0.0004EPSS
[Out of Bounds Read in pickStartSeq Function in AAVCAssembler.cpp in libstagefright_rtsp]
In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
[Crafted AVRCP Response Causes Out-of-bounds Read in Bluetooth]
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
Phone call can be recorded if MMAP recording started after the call begins
In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...
7.8CVSS
7AI Score
0.0004EPSS
[Multiple users join the WI-FI network by scanning the QR code]
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7AI Score
0.0004EPSS
Mac addresses accessible without requiring any permissions or special privileges [kernel side fix]
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
Linux kernel vulnerability advisory
In fs, there is a possible use-after-free due to a race condition in io_uring timeouts. This could lead to local escalation of privileges with no additional execution privileges needed. User interaction is not needed for...
7CVSS
6.9AI Score
0.0004EPSS
Vulnerability: external/expat (doProlog)
In closeString of xmlparse.c, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
8.6AI Score
0.006EPSS
[Crafted HFP Client Packet Causes Out-of-bounds Write in Bluetooth]
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.8AI Score
0.001EPSS
EoP: Unsafe package check leading to LaunchAnyWhere in AppRestrictionsFragment
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
App can read location requests of other users without requiring INTERACT_ACROSS_USERS permission.
In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...
5.5CVSS
6.2AI Score
0.0004EPSS
Notification access vulnerability
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not...
5.5CVSS
6.2AI Score
0.0004EPSS
[OOB write in L2CAP Bluetooth stack]
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.8AI Score
0.001EPSS
In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
[Crafted AVRCP cmd packet Causes Out-of-bounds Read in Bluetooth]
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
6.5CVSS
6.5AI Score
0.001EPSS
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
[Platform Fix] AttributionSource may incorrectly validate the calling uid and pid depending on usage
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7AI Score
EPSS
Potential DoS attack through shortcut reporting.
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.6AI Score
EPSS
[Mainline Fix] AttributionSource may incorrectly validate the calling uid and pid depending on usage
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7AI Score
EPSS
Bypass of overlay protection in landscape mode
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...
7AI Score
EPSS
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.2AI Score
EPSS
Task Hijacking Using startActivityForResults - Phone by Google Example
In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
Linux Kernel Race Condition leads to UAF in Unix Domain Socket and causes LPE in Android
In unix_stream_sendpage of af_unix.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
Lockdown vs. Screen pinning mode
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction.....
6.5AI Score
0.0004EPSS
Permanent device denial of service due to a huge amount of scheduled alarms
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.9AI Score
0.0004EPSS
Permanent device denial of service due to improper input validation in AppOpsService
In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.9AI Score
0.0004EPSS
[Out of Bounds Write in attp_build_value_cmd in libbt-stack]
In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
7.8AI Score
0.0004EPSS
[Out of Bounds Write in internalGetVp8Params in SoftVP8Encoder.cpp in libstagefright_soft_vpxenc]
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
DPC global restriction are lost after reboot on Android 14
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
6.6AI Score
0.0004EPSS
Start foreground activity from background in ActivityTaskManagerService#startNextMatchingActivity
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.3AI Score
0.0004EPSS
[Binder MemoryHeapBase] - Need to SEAL file size on memfd mapped region
In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.6AI Score
0.0004EPSS
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.3AI Score
0.0004EPSS
incidentd_service_fuzzer: Abrt in android::os::incidentd::IncidentService::onTransact
In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.2AI Score
0.0004EPSS