8153 matches found
CVE-2022-44424
CVE-2022-44424: The issue is a missing permission check in the music service that can trigger a local denial-of-service in the contacts service without requiring additional privileges. The available sources do not provide concrete exploit details, affected product versions, or a documented fix. M...
CVE-2022-47329
CVE-2022-47329 involves a missing permission check in the WLAN driver that could lead to local information disclosure. The vulnerability’s root cause is an insufficient authorization check in the WLAN driver, with local attack potential and confidentiality impact described as high. The connected ...
CVE-2022-47464
CVE-2022-47464 describes a missing permission check in the telecom service, enabling local denial of service. Affected: telecom service component; root cause: insufficient permission validation. Impact: local DoS with high availability impact as per CVSS 3.1 vector. Exploitation details are not p...
CVE-2022-47468
CVE-2022-47468 is linked in connected documents to a vulnerability in UNISOC chipsets , described as a missing privilege/permission check that can cause a local denial of service . The root cause is stated as a lack of privilege checking leading to DoS; the Red Hat/NVD entries reiterate the same ...
CVE-2022-47482
CVE-2022-47482 involves a missing permission check in the telephony service, enabling a local denial of service without additional execution privileges. The NVD listing specifies a CVSS v3.1 base score of 5.5 (Medium), with local attack vector, low attack complexity and privileges required, and a...
CVE-2022-47484
CVE-2022-47484 concerns a missing permission check in the telephony service, enabling local denial of service without additional execution privileges. Connected sources consistently reference the telephony module and privilege check omission as the root cause, but do not provide concrete details ...
CVE-2022-48368
CVE-2022-48368 affects the UNISOC chipsets’ audio service, with the root cause described as a missing permission check in the audio service. This could allow a local attacker with low privileges and no user interaction to escalate to a high-privilege level, potentially compromising confidentialit...
CVE-2022-48373
The CVE-2022-48373 entry concerns a local out-of-bounds write in the UNISOC/tee service due to a missing bounds check, leading to local denial of service with SYSTEM privileges. Public references (NVD, Red Hat, CVE list, vuln enrichment) confirm the same root cause and impact, but exploitation st...
CVE-2022-48453
CVE-2022-48453 affects a camera driver (Unisoc-based devices) with a missing bounds check that can trigger an out-of-bounds write. Impact is local denial of service with system privileges required; CVSSv3.1 vector indicates local access, high privileges, and availability impact, with a medium bas...
CVE-2023-20610
CVE-2023-20610 describes a memory corruption risk in the MediaTek display DRM stack caused by a race condition, enabling local escalation of privilege with System execution privileges required and no user interaction. The vulnerability affects the display DRM component; the root cause is a race c...
CVE-2023-20633
CVE-2023-20633 describes a potential out-of-bounds write in the usb module due to a missing bounds check, enabling local escalation of privileges with SYSTEM level execution and no user interaction required. The vulnerability is described consistently across multiple sources and references patch ...
CVE-2023-20708
CVE-2023-20708 involves a possible out-of-bounds read in the MediaTek keyinstall component. The underlying issue is a missing bounds check, enabling local privilege escalation with System execution privileges needed. Exploitation status is not documented in the provided sources. The vulnerability...
CVE-2023-20711
CVE-2023-20711 affects the keyinstall component and describes a possible out-of-bounds read due to a missing bounds check, enabling local information disclosure with system privileges needed. Exploitation details are not specified in the provided documents; user interaction is not required. The p...
CVE-2023-20723
Summary of CVE-2023-20723 : A Bluetooth vulnerability in MediaTek-based devices allows an out-of-bounds read due to a missing bounds check, enabling local escalation of privilege with System execution privileges required. Exploitation is described as local with no user interaction needed; the ent...
CVE-2023-20724
The CVE-2023-20724 entry concerns MediaTek Bluetooth implementations. A missing bounds check in the Bluetooth module enables an out-of-bounds read, leading to local escalation of privilege with System-level execution privileges; exploitation requires no user interaction. The vulnerability affects...
CVE-2023-20756
CVE-2023-20756 concerns a vulnerability in keyinstall (reported across multiple feeds) that enables an out-of-bounds write caused by an integer overflow. This can lead to local escalation of privilege with SYSTEM privileges, requiring no user interaction. A patch is available (Patch ID ALPS075100...
CVE-2023-20782
MediaTek’s keyinstall component in the MediaTek microprogram software is affected by CVE-2023-20782, caused by a missing bounds check that can lead to local information disclosure with System privileges (no user interaction). A patch is noted as ALPS07550104 (Issue ALPS07550103). Connected adviso...
CVE-2023-20786
The CVE-2023-20786 entry concerns the MediaTek GPS component. A missing bounds check enables an out-of-bounds write, leading to local escalation of privilege with System execution privileges required. Exploitation does not require user interaction. A patch entry is noted as ALPS07767811 (Issue AL...
CVE-2023-20788
CVE-2023-20788 affects MediaTek devices in the thermal component where a race condition can cause a use-after-free, enabling local privilege escalation to SYSTEM if exploited. Exploitation details are not provided in the documents; no user interaction is required. A patch is referenced (ALPS07648...
CVE-2023-20813
CVE-2023-20813 affects MediaTek WLAN software/component where an out-of-bounds read occurs due to improper input validation. Impact described as local information disclosure with the need for System execution privileges; no user interaction required. Patch referenced: ALPS07453549 (Issue ID: ALPS...
CVE-2023-20815
The CVE-2023-20815 issue affects MediaTek WLAN software. Affected component: WLAN service; root cause: out-of-bounds write due to improper input validation. Impact: local escalation of privilege with System execution privileges required; no user interaction needed. Remediation: patch ALPS07453587...
CVE-2023-20834
The CVE-2023-20834 issue affects the pda component, where a race condition leads to a use-after-free vulnerability. This can allow local escalation of privilege to SYSTEM level with high confidentiality/integrity/availability impact, and requires no user interaction to exploit. The documented att...
CVE-2023-21305
Technical details for CVE-2023-21305 are not publicly provided in the supplied documents. No specifics on affected products, versions, or fixes are present. Please monitor for updates.
CVE-2023-21325
Technical details about CVE-2023-21325 are not publicly available in the provided connected documents. No concrete information on affected products, versions, or fixes is present. Monitor for updates.
CVE-2023-21333
CVE-2023-21333 describes an information-disclosure flaw in Android’s Text Services where an attacker can determine if an app is installed via side-channel information disclosure. This can lead to local information leakage with no additional privileges and without user interaction. Connected docum...
CVE-2023-21346
CVE-2023-21346 is listed in Android 14 security release notes under Framework with Type ID and Moderate severity. The initial description indicates a local information-disclosure via Device Idle Controller side-channel (no user interaction required). Connected notes confirm framework-level classi...
CVE-2023-21360
CVE-2023-21360 affects Android Bluetooth and is characterized by an out-of-bounds write caused by improper input validation. The issue enables local elevation of privilege to System after exploitation, with no user interaction required. Public details consistently describe the vulnerability as a ...
CVE-2023-21383
Technical details (affected product/version/root cause/fix) for CVE-2023-21383 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2023-30921
CVE-2023-30921 affects UNISOC chipsets (SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T770/T820/S8000). Root cause: missing permission check in the messaging service, enabling local information disclosure with no additional execution privileges. Impact per sources: local confidential...
CVE-2023-32811
CVE-2023-32811 affects the connectivity system driver. The root cause is an out-of-bounds write due to improper input validation, enabling local escalation to SYSTEM with no user interaction. Exploitation status is not fully detailed in the provided documents, but a patch (Patch ID: ALPS07929848;...
CVE-2023-40101
CVE-2023-40101 describes an out-of-bounds read in the collapse path of canonicalize_md.c that can disclose local information without extra privileges or user interaction. Public records in multiple sources (NVD, Red Hat, CNVD, etc.) confirm the same description. The Android 14 release notes list ...
CVE-2023-40631
No public technical details are provided in the supplied documents for CVE-2023-40631 beyond the description of a missing permission check in Dialer causing local information disclosure; monitor for updates.
CVE-2023-42632
The CVE-2023-42632 issue affects validationtools, where a missing permission check could allow local information disclosure without requiring any additional execution privileges. Documented impact is limited to disclosure (Confidentiality Impact: HIGH) with local attack vector and no user interac...
CVE-2023-42655
CVE-2023-42655 relates to the sim service where there is a missing permission check that allows writing permission usage records, enabling local privilege escalation to System level. The advisory consistently references the sim service as the affected component and describes the root cause as ins...
CVE-2024-20015
CVE-2024-20015 involves a permissions bypass in the telephony stack that can enable local privilege escalation with no user interaction. Documentation across sources (NVD, Red Hat, CVE lists) notes a local-privilege escalation impact and identifies a patch/Issue ID: ALPS08441419. The exact affect...
CVE-2024-20088
CVE-2024-20088 affects MediaTek keyinstall: an out-of-bounds read due to a missing bounds check, enabling local information disclosure with system privileges. Public exploitation details are not provided in the available documents. The vulnerability is associated with patch ID ALPS08932099 and Is...
CVE-2024-39436
The CVE-2024-39436 entry concerns the LinkTurboNative service, with a command-injection due to improper input validation. Impact is local privilege escalation to SYSTEM. Multiple connected sources (Red Hat, NVD, CVE lists, and PT-Security) confirm the issue description; details on affected versio...
CVE-2024-39440
CVE-2024-39440 affects the DRM service and is caused by a null pointer dereference that can crash the system, leading to local denial of service with SYSTEM privileges required. Public references consistently describe the issue as a local DoS in DRM service components; no exploitation details are...
CVE-2014-4959
Technical details about CVE-2014-4959 are not publicly provided in the included documents; no affected products, root cause, impact, or remediation are specified. Monitor for updates.
CVE-2014-8610
The CVE describes a vulnerability in Android prior to 5.0.0 where AndroidManifest.xml does not require SEND_SMS for the SmsReceiver, allowing an unprivileged app to cause stored SMS messages to be resent or new draft SMS messages to be sent by broadcasting the com.android.mms.transaction.MESSAGE_...
CVE-2014-9788
Converged detail from CNVD-2016-04814 confirms CVE-2014-9788 is a buffer overflow in the Qualcomm sound driver in Android on Nexus 5 prior to 2016-07-05, exploitable by a crafted app to gain privileges. Root cause: overflow in the Qualcomm sound driver; Impact: local privilege escalation. A patch...
CVE-2014-9802
CVE-2014-9802: Concrete details found in CNVD-2016-04811 and related records show an integer overflow in lib/libfdt/fdt.c within the Qualcomm component on Android, affecting Nexus 5 and Nexus 7 (2013) devices. Root cause: integer overflow in the FDT parser leads to privilege escalation when proce...
CVE-2014-9864
The CVE-2014-9864 entry concerns Android on Nexus devices (Nexus 5/7 2013) where drivers/misc/qseecom.c in Qualcomm components does not validate ioctl calls, enabling privilege escalation via a crafted app. Connected docs are not provided here, but the description states the flaw allows local pri...
CVE-2014-9866
CVE-2014-9866 affects Qualcomm MSM camera driver on Nexus 5/Nexus 7 (2013) running Android with pre-2016-08-05 patch levels. The vulnerable file is drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c, where a parameter is not validated, enabling elevation of privilege via a crafted applic...
CVE-2014-9869
CVE-2014-9869 affects Android on Nexus 5/7 (2013) prior to 2016-08-05, where msm_isp_stats_util.c in Qualcomm components does not validate certain index values, enabling local privilege escalation via a crafted app. Connected sources confirm the issue is a privilege escalation in Mediaserver/kern...
CVE-2014-9875
CVE-2014-9875 affects Android on Nexus 7 (2013) prior to 2016-08-05. The vulnerability is in drivers/char/diag/diag_dci.c of Qualcomm components and allows privilege escalation via a crafted application that sends short DCI request packets (Android internal bug 28767589; Qualcomm bug CR483310). P...
CVE-2014-9884
CVE-2014-9884 affects Android on Nexus 5 and Nexus 7 (2013) via drivers/misc/qseecom.c in Qualcomm components. The root cause is that qseecom.c does not validate certain pointers, enabling a local attacker with a crafted app to gain privileges. Connected sources corroborate a privilege-escalation...
CVE-2014-9909
The CVE-2014-9909 entry describes an elevation of privilege vulnerability in the Broadcom Wi‑Fi driver for Android, where a local malicious application could execute arbitrary code in the kernel context. The issue is considered High impact because it requires compromising a privileged process fir...
CVE-2014-9955
CVE-2014-9955 is an elevation-of-privilege vulnerability affecting Android, specifically in Qualcomm closed‑source components with the Android kernel as the platform. The connected CVE records confirm the issue is associated with Qualcomm closed‑source components and that fixes are not delivered ...
CVE-2014-9967
CVE-2014-9967 describes an untrusted pointer dereference in the WideVine DRM component used by Android CAF builds that run on the Linux kernel. The vulnerability is located in WideVine DRM (a media/content protection feature) and is triggered by dereferencing an untrusted pointer, leading to pote...