In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for...
3.1CVSS
6.6AI Score
0.001EPSS
In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for.....
7.8CVSS
6.8AI Score
0.0004EPSS
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.1AI Score
0.0005EPSS
Reading other users' image files using ChooserActivity image preview
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
[AOSP Bluetooth Use after free-bta_hf_client_sdp.cc-bta_hf_client_do_disc]
In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.6AI Score
0.001EPSS
EFI Linux/arm64 code can be subverted to overwrite the shadow call stack pointer
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
Cross-user notification access type control using undocumented intent extras
In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
libsensorserviceaidl_fuzzer: Heap-buffer-overflow in android::String8::setTo
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.7AI Score
0.002EPSS
Investigate Security Vulnerability of getPhysicalDisplayToken
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
Modifying other users' app locales using AppLocalePickerActivity in Settings
In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
Triage/rating request for io_uring upstream patch
In static initializers of io_uring.c, there is an insecure default value. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
8AI Score
0.0004EPSS
Applications maintain their permission across different targeted sdks
In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution...
7.8CVSS
7.3AI Score
0.0004EPSS
[Out of Bounds Write in avdt_scb_hdl_write_req in avdt_scb_act.c in libbt-stack]
In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7AI Score
0.0004EPSS
Unable to share/attach screenshot to Gmail in work profile
In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges.....
6.8CVSS
6.7AI Score
0.0005EPSS
Backport: FreeType Heap buffer overflow read
In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.1CVSS
6.7AI Score
0.0004EPSS
[Out of Bounds Read in dropFramesUntilIframe Function in AAVCAssembler.cpp in libstagefright_rtsp]
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
7.3AI Score
0.001EPSS
Delete SoftAp configuration on network reset
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...
5.5CVSS
5.6AI Score
0.0004EPSS
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
Linux kernel vulnerability advisory
In multiple functions of extents.c, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.1CVSS
5.7AI Score
0.001EPSS
GKI kernels contain broken non-upstream Speculative Page Faults MM code
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.7AI Score
0.0004EPSS
In parserCreate of xmlparse.c, there is a possible use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
8.1AI Score
0.004EPSS
Starting Activity from background via LauncherAppsService#getActivityLaunchIntent
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.8CVSS
7.8AI Score
0.0004EPSS
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.8AI Score
0.0005EPSS
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
: wifi: mac80211: fix MBSSID parsing use-after-free
In ieee802_11_parse_elems_crc of util.c, there is a possible use after free due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
8.8AI Score
0.01EPSS
: wifi: cfg80211: fix BSS refcounting bugs
In multiple functions of scan.c, there is a possible way to inject WLAN frames due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
8.3AI Score
0.0004EPSS
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Accessibility Service does not list/report all enabled 3rd party a11y services on the device
In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7AI Score
0.0004EPSS
libfdt_fuzzer: Stack-overflow in fdt_path_offset_namelen
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...
4.4CVSS
6.1AI Score
0.0004EPSS
[Continual Calling to addAccountExplicitly Causes Permanent DoS to Android System]
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.4AI Score
0.0004EPSS
[Bluetooth avrcp/avdtp heap overflow] part 2: avdt_msg_asmbl
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.8AI Score
0.001EPSS
Task hijacking of apps that set allowTaskReparenting="true"
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Permanent denial of service via PackageManager#setComponentEnabledSetting
In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.6AI Score
0.0004EPSS
AlwaysOnHotwordDetector allows hotword detection without CAPTURE_AUDIO_HOTWORD permission
In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
3.3CVSS
6.7AI Score
0.0004EPSS
InputMethodManager#getInputMethodWindowVisibleHeight() leaks user activity to any app
In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
5CVSS
6.2AI Score
0.0004EPSS
SQL Injection in CallLogProvider#query via URI PathSegments
In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.5AI Score
0.0004EPSS
Foreground Activity Started via FullScreenIntent
In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.8CVSS
7.1AI Score
0.0004EPSS
In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
7.8CVSS
7.1AI Score
0.0004EPSS
Malicious APP Causes Device DoS - test
In freeStageDirs PackageInstallerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.6AI Score
0.0004EPSS
Vulnerability: external/expat (size_t)
(from https://nvd.nist.gov/vuln/detail/CVE-2022-25314) In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. In copyString of xmlparse.c, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no...
7.5CVSS
8.8AI Score
0.009EPSS
Linux kernel vulnerability advisory
In fget() of file.c, there is a possible read after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7CVSS
7.7AI Score
0.0004EPSS
4 bytes uninitialized heap memory leak from system_server process to untrusted app
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
Make bluetooth discoverable via SettingsIntelligence#SliceDeepLinkTrampoline
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.4AI Score
0.001EPSS
WIFI scanning can be modified even restricted by UserManager.DISALLOW_CONFIG_WIFI
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS