8153 matches found
CVE-2022-39128
CVE-2022-39128 corresponds to a vulnerability in the sensor driver that can cause a local denial of service in the kernel due to an out-of-bounds write from a missing bounds check. The connected documents consistently describe: (1) the flaw as a bounds-check omission in the sensor driver, (2) imp...
CVE-2022-39852
CVE-2022-39852 is a heap-based overflow in the makeContactAGIF function of libagifencoder.quram.so, vulnerable in Samsung devices prior to SMR Oct-2022 Release 1. This can allow local attacker-controlled code execution with high impact on confidentiality, integrity, and availability. Remediation ...
CVE-2022-39853
CVE-2022-39853 describes a use-after-free vulnerability in the Samsung perf-mgr driver, affecting versions prior to the SMR Oct-2022 Release 1. The underlying issue allows an attacker to cause a memory access fault (memory corruption) and is classified with a high impact in NVD, with local attack...
CVE-2022-39883
CVE-2022-39883 affects Samsung StorageManagerService prior to SMR Nov-2022 Release 1. The issue is an improper authorization that lets a local attacker call a privileged API. The NVD CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW complexity, and Privileges Required: LOW. Red Hat/...
CVE-2022-39898
CVE-2022-39898 affects Samsung IIccPhoneBook prior to SMR Dec-2022 Release 1 and is characterized by improper access control that could allow access to some information on the USIM. The vulnerability is documented across multiple feeds (NVD, Red Hat, CVE List) with a common description and a Sams...
CVE-2022-39904
CVE-2022-39904 affects Samsung Settings on Samsung mobile devices prior to SMR Dec-2022 Release 1. The issue is an information disclosure where the Network Access Identifier is exposed in logs, allowing local attackers to access it. Affected component: Samsung Settings; root cause: log exposure o...
CVE-2022-42540
CVE-2022-42540 is described as an Elevation of Privilege affecting Chromecast’s AMLogic Secure Monitor. The Chromecast Security Bulletin lists CVE-2022-42540 among issues addressed by the 2023-07-01 patch level, indicating a vendor-provided fix in Chromecast firmware. NVD assigns a 3.1 base score...
CVE-2022-44445
CVE-2022-44445 affects the WLAN driver, where a missing bounds check in the driver could allow local denial of service in WLAN services. The CVSS vector indicates local access, low attack complexity, and required privileges with a high availability impact, resulting in a base score of 5.5 (Medium...
CVE-2022-47330
CVE-2022-47330 is described as a possible missing permission check in the WLAN driver causing local information disclosure. The connected documents reiterate this description but do not provide concrete technical details such as affected products, versions, root cause specifics, exploitation stat...
CVE-2022-47341
The CVE-2022-47341 entry describes a vulnerability in engineermode services with a missing permission check that could allow local escalation of privilege to system execution privileges. Affected component: engineermode services. Root cause: inadequate permission validation leading to privilege e...
CVE-2022-47355
CVE-2022-47355 is described across multiple sources as a missing permission check in a log service that could allow local denial of service. The primary affected component appears to be the log service, with the root cause stated as insufficient permission validation. Reported impact is local den...
CVE-2022-47365
CVE-2022-47365 relates to a missing bounds check in the wlan driver that can cause an out-of-bounds write, leading to local denial of service in wlan services. Affected component: wlan driver (specific products/versions not enumerated in the provided documents). Root cause: missing bounds check e...
CVE-2022-47371
The CVE-2022-47371 issue affects the bt driver (kernel component). A thread competition causes resources to be released early, which can enable local denial of service in the kernel. Documents consistently describe the vulnerability and impact as local DoS but do not provide confirmed exploit det...
CVE-2022-47450
CVE-2022-47450 concerns the WLAN driver where a missing permission check could allow local information disclosure. Multiple sources (NVD entry, RH advisories, PRION, CNNVD, CVE lists) describe the issue as a local-privilege-context exposure with high confidentiality impact and no explicit exploit...
CVE-2022-47454
CVE-2022-47454 affects the UNISOC/WLAN chipset’s driver, where a missing parameter check in the WLAN module can cause a local denial-of-service condition in wlan services. The issue stems from insufficient input validation in the WLAN driver path, enabling a configuration/state input to trigger a...
CVE-2022-47456
CVE-2022-47456 concerns the UNISOC wlan driver: a missing parameter check in the WLAN module can cause a local denial of service. The NVD entry lists a CVSS v3.1 base score of 5.5 (Medium) with local attack vector and low privileges required, while exploitation details are not provided in the rec...
CVE-2022-47463
CVE-2022-47463: The connected documents indicate a missing permission check in the telecom service, leading to local denial of service. Affected component: telecom service (no explicit version/bundle provided). Root cause: insufficient permission validation. Impact: local DoS as described; exploi...
CVE-2022-47473
CVE-2022-47473 affects the telephony service (telephony module) where a missing permission check can lead to local information disclosure without requiring additional privileges. Multiple sources (Red Hat, NVD, CVE List, and UNISOC/CNNVD summaries) describe the same root cause and impact, with th...
CVE-2022-47493
The CVE-2022-47493 entry describes a missing permission check in the UNISOC Soter service, enabling local denial of service with no additional execution privileges. The issue is tied to the soter service component and is described as a local vulnerability with a high availability impact, but no e...
CVE-2023-20737
The CVE-2023-20737 issue concerns the vcu component in MediaTek devices, where an improper locking leads to a use-after-free condition. This vulnerability can enable local escalation of privileges to SYSTEM with no user interaction required. Affected behavior is described as a local exploit path,...
CVE-2023-20831
The CVE-2023-20831 issue affects the gps component and is described as an out-of-bounds write caused by a missing bounds check. The underlying effect is local escalation of privilege with SYSTEM execution privileges required, and exploitation does not require user interaction. The available docum...
CVE-2023-21297
CVE-2023-21297 affects SEPolicy in Android, enabling a permissions bypass to access the factory MAC address. This can cause local information disclosure with System execution privileges required and does not require user interaction. The connected Red Hat, CNVD, and other sources reiterate the sa...
CVE-2023-21354
CVE-2023-21354 is associated with Android’s Package Manager Service. The described vulnerability allows an attacker to determine if an app is installed without query permissions via a side-channel information disclosure, enabling local information leakage without additional execution privileges. ...
CVE-2023-21368
CVE-2023-21368 affects Android’s Audio component, with a possible out-of-bounds read caused by a missing bounds check. The consequence is local information disclosure without requiring privileges; exploitation does not require user interaction. Multiple connected sources corroborate the issue, in...
CVE-2023-30928
CVE-2023-30928 affects the telephony service and is due to a missing permission check in the telephony component, enabling local escalation of privilege with no additional execution privileges. Multiple sources (NVD, Red Hat, CNNVD, PRION, CVE lists) corroborate the issue as a local‑privilege‑esc...
CVE-2023-30936
CVE-2023-30936 affects the telephony service where a missing permission check can lead to local information disclosure without extra execution privileges. Concrete references in trusted sources indicate impact on UNISOC chipsets (e.g., various SC and T-series models) with local access required an...
CVE-2023-32807
The CVE-2023-32807 issue affects the wlan service in MediaTek-based devices, caused by an improper input validation that leads to an out-of-bounds read. This could allow local information disclosure and requires system privileges, with no user interaction needed. The vulnerability details are sup...
CVE-2023-32813
The CVE-2023-32813 issue affects the gnss service and involves an out-of-bounds write caused by improper input validation. This could lead to local information disclosure with system privileges required; no user interaction is needed. A patch is identified as ALPS08017370 (Issue ALPS08017370) and...
CVE-2023-32814
Summary: CVE-2023-32814 affects the gnss service in MediaTek-based platforms. The root cause is an improper input validation that allows an out-of-bounds read, enabling local information disclosure with system execution privileges and no user interaction required. Impact and context: Local attack...
CVE-2023-32839
The CVE-2023-32839 entry describes a local out-of-bounds write in the dpe module caused by missing range checking, enabling local privilege escalation with SYSTEM rights and no user interaction. Affected: dpe (MediaTek-related context from multiple sources); impact is high for confidentiality, in...
CVE-2023-32878
CVE-2023-32878 affects the battery module in MediaTek chips, where a missing bounds check can cause information disclosure. The vulnerability permits local information disclosure with system execution privileges required, and no user interaction is needed. A patch is identified (ALPS08308070; ALP...
CVE-2023-32881
CVE-2023-32881 affects MediaTek battery module. A possible information disclosure stems from an integer overflow, enabling local information disclosure with system-level privileges; no user interaction is required. Patch ALPS08308070 / ALPS08308080 is referenced. No exploit details or in-the-wild...
CVE-2023-32889
CVE-2023-32889 affects the Modem IMS Call UA component, where a missing bounds check enables an out-of-bounds write leading to remote denial of service without user interaction. The issue is documented across NVD, Red Hat, PRION, CVE listings, and related advisories, with a patch ID MOLY01161825 ...
CVE-2023-33881
Summary: CVE-2023-33881 describes a missing permission check in the telephony service that can cause local information disclosure without extra privileges. The issue is documented across multiple sources (NVD/Red Hat/CVE listing) with the same core impact: local information leakage, low attack co...
CVE-2023-33909
CVE-2023-33909 describes a missing permission check in the Contacts service module on UNISOC chipsets, enabling potential local information disclosure without extra privileges. According to NVD, the issue has CVSS v3.1: base score 5.5 (Impact: Confidentiality High; Attack Vector: Local; Privilege...
CVE-2023-33911
CVE-2023-33911 affects the vowifi service in UNISOC-based environments. Root cause: a missing permission check leading to local information disclosure without additional execution privileges. Impact: confidentiality breach (local access, high impact) without integrity or availability impact per t...
CVE-2023-35689
Summary: CVE-2023-35689 is an Elevation of Privilege in Wear OS related to an insecure default value in checkDebuggingDisallowed within DeviceVersionFragment.java, allowing local escalation of privilege with no extra execution privileges and no user interaction. The issue is listed with High seve...
CVE-2023-40636
CVE-2023-40636 relates to a vulnerability in the telecom service where a missing permission check could allow writing permission usage records for an app, enabling local information disclosure. The underlying issue requires System-level execution privileges for exploitation, with a CVSSv3.1 base ...
CVE-2023-44122
Summary (CVE-2023-44122): The LG LockScreenSettings app suffers a local-privelege issue where implicit intents can be intercepted by other apps on the same device, allowing theft of files via onActivityResult(). The attacker could cause the app to copy a received file to “/data/shared/dw/mycatego...
CVE-2023-44125
CVE-2023-44125 affects the Personalized service app (com.lge.abba). The issue is use of implicit PendingIntents without PendingIntent.FLAG_IMMUTABLE, which could enable an attacker’s app (with access to notifications) to hijack intents, intercept them, and then obtain permissions to content provi...
CVE-2023-52344
CVE-2023-52344 affects UNISOC’s modem-ps-nas-ngmm. The issue is an undefined behavior caused by incorrect error handling in the module, potentially enabling remote information disclosure over a network with no additional execution privileges required. CVSS 3.1 base score 5.3 (AV:N/AC:L/PR:N/UI:N/...
CVE-2024-0028
The CVE-2024-0028 entry describes an information-disclosure flaw in Android’s Audio Service where a missing permission check could let an attacker obtain the MAC addresses of nearby Bluetooth devices. This is a local issue with low attack complexity and no user interaction required, potentially e...
CVE-2024-20013
CVE-2024-20013: MediaTek media chips — in keyInstall there is an out-of-bounds write due to a missing bounds check, enabling local privilege escalation to System level. Exploitation details are not provided in the documents; exploitation status is not confirmed. Patch ID ALPS08471742; Issue ID AL...
CVE-2024-20108
CVE-2024-20108 affects the atci component (MediaTek chipsets). The vulnerability is an out-of-bounds write caused by a missing bounds check, enabling a local escalation of privilege with System execution privileges required. No user interaction is needed. A patch is referenced (Patch ID: ALPS0908...
CVE-2024-20120
CVE-2024-20120 concerns a bound-check failure in KeyInstall that enables an out-of-bounds write, leading to local privilege escalation with SYSTEM-level execution privileges required and no user interaction needed. Multiple sources (NVD, Red Hat, CVE lists, and vuln enrichment) confirm the issue ...
CVE-2024-20130
The CVE-2024-20130 entry concerns the MediaTek MT8796 Power component. A missing bounds check can trigger an out-of-bounds write, enabling local escalation of privilege with SYSTEM execution privileges required. No user interaction is needed. The vulnerability is documented with Patch ID ALPS0919...
CVE-2025-48539
CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc there is a possible out-of-bounds read due to a use-after-free, which could enable remote code execution with no additional privileges and no user interaction. Connected documents identify this as an Android System component issue with high se...
CVE-2011-0680
The CVE affects Android’s Mms component. data/WorkingMessage.java in the Mms app on Android versions before 2.2.2 and on 2.3.x before 2.3.2 fails to properly manage the draft SMS cache, allowing remote attackers to read SMS messages intended for other recipients under certain conditions via the s...
CVE-2014-3164
CVE-2014-3164 affects Android code in cmds/servicemanager/service_manager.c prior to commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5. The vulnerability allows a denial of service via a NULL pointer dereference or an out-of-bounds write, related to binder passed lengths. Connected documents (NVD e...
CVE-2014-7953
CVE-2014-7953 describes a race condition in Android 4.4.4’s ActivityManagerService.bindBackupAgent that lets a local user with adb shell execute code as system by coordinating an adb install with a crafted logcat script to force bindBackupAgent to use an ApplicationInfo uid of 1000. The flaw stem...