App can start the activity from background without requiring any permission.
In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.7AI Score
0.0005EPSS
incidentd_service_fuzzer: Abrt in android::os::incidentd::IncidentService::onTransact
In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.2AI Score
0.0004EPSS
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.1AI Score
0.0004EPSS
Granting access of protected ContentProviders on behalf of Launcher
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
use-after-free in libstagefright_httplive
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
8.1CVSS
7.4AI Score
0.001EPSS
BAL bypass while calling `locationManager.requestGeofence`
In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
mtp_handle_fuzzer: Heap-use-after-free in android::MtpFfsHandle::doSendEvent
In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.4AI Score
0.0004EPSS
PDoS by bypassing phone account count limit using binder overflow behavior
In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
rtp_writer_fuzzer: Segv on unknown address in android::ARTPWriter::~ARTPWriter
In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
Package name ownership not checked in ActivityManagerService#backupAgentCreated
In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.3AI Score
0.0004EPSS
BAL bypass by utilizing UsbManager.requestPermission (*android 14 beta4*)
In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.3AI Score
0.0004EPSS
[Bug 5 of 7] Intent URI/CATEGORY_BROWSABLE permits FRP Bypass by leveraging browser applications
In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
Platform level change for "I see an empty media notification in the shade"
In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
PipMode actions could render icons with uri unauthorized to current app (even cross user)
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.6AI Score
0.0004EPSS
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
3.3CVSS
6.4AI Score
0.0004EPSS
Another Background starting activities restrictions bypass in CallRedirectionService
In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
Privilege Escalation in com.android.providers.media.MediaProvider#DatabaseUtils.bindSelection
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
7.3AI Score
0.0004EPSS
Leak of cross-user contact data in FDN contact importation in Telephony
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.5AI Score
0.0004EPSS
Integer overflow in avdt_msg_asmbl
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.1AI Score
0.0005EPSS
[Bluetooth][GATT] gatts_process_* functions OOB write
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
8.1AI Score
0.001EPSS
EoP: Default IME to Device Administrator
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.9AI Score
0.0004EPSS
Hide a notification listener service via excessively long component names
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed......
6.8CVSS
6.7AI Score
0.0005EPSS
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
ActivityOptions#makeLaunchIntoPip bypass FG-BG Restriction
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
ADP Grant - Enumerating other users' photos by posting a notification with nested RemoteViews
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
Heap buffer overflow in FreeType
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
8.1AI Score
0.001EPSS
CursorWindow object writeToParcel leak uninitialized heap content to low privilege process
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.8AI Score
0.0004EPSS
an OOB write in resetLppTransposer Function in lpp_tran.cpp
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
8.8CVSS
8.1AI Score
0.001EPSS
[Bluetooth][SDP] OOB write in `SDP_AddAttributeToRecord`
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.8AI Score
0.0005EPSS
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
Security - [Out of Bounds Write in rw_i93_send_to_upper in rw_i93.cc in libnfc-nci]
In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
Permanent device denial of service due to OutOfMemoryError while system is turning on
In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for...
5.5CVSS
6.5AI Score
0.0004EPSS
Bypass DISALLOW_CONFIG_LOCATION to enable/disable wifi scanning via slice URI
In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
7.8CVSS
7.3AI Score
0.0004EPSS
Integer overflow in SkSLVMCodeGenerator
In multiple functions of SkSLFunctionDefinition.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged app with no additional execution privileges needed. User interaction is needed for...
9.6CVSS
8.1AI Score
0.006EPSS
Control activityOptions via AddAccountSettings due to unsafe deserialization
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.9AI Score
0.0004EPSS
In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
LaunchAnywhere in SysUI via media notification
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
Misleading UI design: Settings -> VPN
In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
[ADP Grant] Guest user can see the trace logs recorded by Admin user by MainActivity
In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.9AI Score
0.0004EPSS
Missing locks in SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 compat code causing UAF used in the wild
In ctl_elem_read_user, ctl_elem_write_user of control_compat.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
7.9CVSS
8.1AI Score
0.001EPSS
In multiple buttons of grant_permissions.xml, there is a possible way to bypass permissions dialogs due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
6.9AI Score
EPSS
[Out of Bounds Read in register_notification_rsp in btif_rc.cc in libbtif]
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.1AI Score
0.0004EPSS
[Out of Bounds Write in nci_snd_set_routing_cmd in nci_hmsgs.cc in libnfc-nci]
In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.8AI Score
0.0005EPSS
In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for...
6.6CVSS
6.9AI Score
0.0005EPSS
Start foreground activity from background via LocationManager#requestFlush
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for....
7.8CVSS
7.3AI Score
0.0004EPSS
Legacy apps bypass restrict to insert/update files to other app's external private dirs
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS