Guest user can add a new user via Settings#AddSupervisedUserActivity
In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.9AI Score
0.0004EPSS
PendingIntent in Settings#MediaVolumePreferenceController can be hijacked
In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.5AI Score
0.0004EPSS
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
Possible EvilParcel bug in WorkSource class
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.002EPSS
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0004EPSS
Linux kernel vulnerability advisory
In pxa3xx_gcu_write of pxa3xx-gcu.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
6.1CVSS
6.9AI Score
0.001EPSS
Reading contacts of other users using emergency contact settings
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
3.3CVSS
6.9AI Score
0.0004EPSS
Linux kernel vulnerability advisory
In move_page_tables of mremap.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
7CVSS
7.2AI Score
0.001EPSS
[Binder][bug] Incorrect bound check in `binder_transaction_buffer_release` in binder.c
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.7AI Score
0.0004EPSS
Intent injection through Intent.toUri/Intent.parseUri mismatch
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
[Regression] Uninstalling of packages by DPC does not work in T
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
Android lock screen sensitive notification bypass
In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the...
4.6CVSS
6AI Score
0.0004EPSS
Enabling managed connection service without user interaction using tapjacking in Telecomm
In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3CVSS
7.1AI Score
0.0004EPSS
In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
6.5CVSS
6.2AI Score
0.0004EPSS
Investigate how Phone Services is breaking through AppOps restrictions
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
2.3CVSS
6.7AI Score
0.0004EPSS
locale_fuzzer: Tag-mismatch in _getVariant
In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.7AI Score
0.001EPSS
Permanent denial of service via NotificationManager#createNotificationChannel
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
[Bluetooth avrcp/avdtp heap overflow]
In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.1AI Score
0.0005EPSS
In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.7AI Score
0.001EPSS
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Secret notifications are not hidden on lock screen
In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
ndk_mediamuxer_fuzzer: Heap-use-after-free in android::MediaAppender::init
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
7.1AI Score
0.0004EPSS
Bypass of device carrier restrictions (OS Version = android 12)
In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for.....
7.8CVSS
7.5AI Score
0.0004EPSS
Apps can get the ACTIVITY_RECOGNITION runtime permission silently via app upgrade on Q and above
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
Unlocking SIM PUK result in unlocking phone directly
In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
4.6CVSS
6.8AI Score
0.0005EPSS
[Out of Bounds Read in process_service_search_rsp Function in sdp_discoverty.cc in Bluetooth]
In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.2AI Score
0.001EPSS
LazyValue in Bundle read with ReadWriteHelper may use Parcel after Parcel.recycle()
In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
An android kernel bug that allows to bypass all protection bypass and achieve privilege escalation
In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
8.8AI Score
0.0004EPSS
Launcher puts IApplicationThread inside ActivityOptions and it may be sent to launched app
In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
[KASAN: slab-out-of-bounds in emulation_proc_handler+0x17c/0x1c8]
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7CVSS
6.8AI Score
0.0004EPSS
[The use of BD_ADDR in BR/EDR as the identity address of BLE makes the dual-stack trackable]
In bta_dm_remove_device of bta_dm_act.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.9AI Score
EPSS
libfdt_fuzzer: Heap-buffer-overflow in fdt_next_tag
In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
7AI Score
0.0004EPSS
Presentation can make the app start activities in the background
In createPresentationContext of Presentation.java, there is a possible way to start a foreground activity from background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for...
4.6CVSS
7AI Score
0.0005EPSS
InputMethodManagerService provides an implicit mutable PendingIntent to 3Ps
In startInputUncheckedLocked of InputMethodManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
Obtaining dangerous platform permission with app update
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.1AI Score
0.0005EPSS
Sync adapters can be called directly by other apps
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
3.3CVSS
6.2AI Score
0.0004EPSS
[Bug#2 - ActivityManager.bindService] Calling Package can be spoofed to ActivityManager.bindService
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed.....
7.8CVSS
7.1AI Score
0.0004EPSS
In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Android Security - [EMBARGO 5/24] invalid-free in io_uring that can lead to LPE
In io_req_init_async there is a potential use after free due to a race condition. This could lead to local escalation of privileges with User execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
7.1AI Score
7.1AI Score
7.1AI Score
[Crafted HFP Client Packet Causes Out-of-bounds Read in Bluetooth]
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score