8153 matches found
CVE-2017-18696
CVE-2017-18696 affects Samsung mobile devices running M(6.0) and N(7.0) on Exynos7420, Exynos8890 or MSM8996 chipsets. Affected component is unspecified in the provided documents, but the issue is described as a memory corruption vulnerability tied to RKP (Samsung’s kernel protection feature). Im...
CVE-2017-6289
The CVE-2017-6289 issue affects NVIDIA Tegra TZ/Tee components exposed to the Android SHIELD TV platform. The connected NVIDIA security bulletin describes a vulnerability in the Tegra kernel driver that could allow a local malicious application to execute arbitrary code within the Trusted Executi...
CVE-2017-6293
CVE-2017-6293 affects NVIDIA SHIELD TV via the Tegra X1 TZ (Widevine TA); a buffer overrun in the TZ/TEE path allows local privilege escalation. The issue is described as a local code execution/elevation of privilege on the Tegra kernel driver. Public details in the connected documents indicate t...
CVE-2017-8267
CVE-2017-8267 affects Qualcomm components in Android CAF builds using the Linux kernel. The issue is a race condition in an IOCTL handler that can lead to an integer overflow and an out-of-bounds write. Impact is described as local, with high severity in CVSS, and no explicit exploit details prov...
CVE-2017-9677
CVE-2017-9677 affects Qualcomm components, specifically the Audio driver, in CAF Android builds using the Linux kernel. The issue arises in msm_compr_ioctl_shared where ddp->params_length can be accessed/modified by multiple threads without proper locking, enabling race conditions. If ddp->...
CVE-2017-9697
CVE-2017-9697 is a local race condition affecting Android builds (Android for MSM, Firefox OS for MSM, QRD Android) using CAF Linux kernel. The vulnerability arises in the diag_dbgfs_read_table path, where a race condition can permit access to memory that has already been freed during command reg...
CVE-2018-11965
Technical details about CVE-2018-11965 are not publicly provided in the connected documents. Available entries repeat the vulnerability description without concrete affected products, versions, root cause, or fixes. Monitor for updates from official advisories.
CVE-2018-12011
Technical details about CVE-2018-12011 are not provided in the supplied documents; no exposed affected products, versions, or remediation are specified here. Monitor for updates.
CVE-2018-21038
CVE-2018-21038 concerns Samsung mobile devices running N(7.x) software, where the Secure Folder app’s startup logic permits an authentication bypass. The vulnerability is tied to the Secure Folder startup sequence, enabling bypass of authentication for affected devices (Samsung ID SVE-2018-11628)...
CVE-2018-21043
Summary: CVE-2018-21043 affects Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810) where a information disclosure vulnerability exists in the kernel pointer handling within the g2d_drv driver caused by logging. Affected software/hardware (documented): Samsung mobile devices running O(8.x...
CVE-2018-21049
CVE-2018-21049 affects Samsung mobile devices with N7.x/O8.x (Exynos). The issue is an arbitrary memory write in a Trustlet caused by a secure driver exposing access to sensitive APIs (Samsung ID SVE-2018-12881). CVSS v3.1 base score 9.8 (CRITICAL): Network attack, no user interaction, high impac...
CVE-2018-21064
The CVE-2018-21064 entry concerns Samsung mobile devices running N(7.x)/O(8.x) software, where an array overflow exists in a driver’s input booster (Samsung SVE-2017-11816). The issue is documented across multiple feeds, with high-severity metrics (CVSS v3.1 base score 9.8, impact on confidential...
CVE-2018-3571
Summary: CVE-2018-3571 affects the Qualcomm KGSL driver used in Android CAF/Linux kernel releases. The vulnerability is a Use-After-Free condition that can occur when printing information about sparse memory allocations. Impact (as described): Local attacker could potentially cause memory corrupt...
CVE-2018-5825
CVE-2018-5825 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernels prior to the 2018-04-05 patch level. The kernel IPA driver contains a Use-After-Free condition in the IPA subsystem, as described in the NVD record. The vulnerability is rated with CV...
CVE-2018-5904
CVE-2018-5904 describes a use-after-free vulnerability in the LPM status driver within CAF Linux kernel branches used by Android for MSM, Firefox OS for MSM, and QRD Android. The flaw arises during list traversal for cleanup, enabling a local attacker to potentially exploit the condition. The NVD...
CVE-2018-5906
CVE-2018-5906 affects Android releases (CAF builds) using the Linux kernel, specifically the debugfs module. The root cause is a missing validation of input size before copying into a buffer, leading to a potential buffer overflow. The vulnerability is described across multiple sources (NVD, CVE ...
CVE-2018-9369
CVE-2018-9369 describes a local elevation-of-privilege in the bootloader where a fastboot command allows a user to pass kernel command line arguments. The root cause is the bootloader’s handling of user-supplied kernel parameters, enabling a local attacker to gain higher privileges without additi...
CVE-2018-9428
CVE-2018-9428 : The issue affects Android’s AAudio service (AAudioServiceStreamBase.cpp, startDevice) and is caused by an out-of-bounds write stemming from a use-after-free. This can lead to local arbitrary code execution with high impact (confidentiality, integrity, and availability) as describe...
CVE-2018-9446
CVE-2018-9446 affects Android devices via an out-of-bounds write in smp_br_state_machine_event within smp_br_main.cc caused by memory corruption. This could enable remote code execution with no additional privileges and no user interaction required. Affected versions include Android 6.0 through 8...
CVE-2018-9458
The CVE-2018-9458 issue affects Android 8.0–8.1, rooted in computeFocusedWindow/RootWindowContainer.java where focus can be on the wrong window, enabling interception of keypresses and local elevation of privilege with user interaction required for exploitation. This could expose user keystrokes ...
CVE-2018-9504
CVE-2018-9504 affects Android Bluetooth SDP discovery: a possible out-of-bounds write in sdp_copy_raw_data (sdp_discovery.cc) due to an incorrect bounds check, enabling remote code execution with no user interaction. Affected Android versions include 7.0–9.0; exploitation status and specific patc...
CVE-2018-9588
CVE-2018-9588 affects Android 7.0–9, specifically the avdt_scb_hdl_report path in avdt_scb_act.cc. The vulnerability involves an out-of-bounds read due to a missing bounds check, enabling remote information disclosure over Bluetooth without user interaction. Impact is limited to the reported Andr...
CVE-2018-9590
CVE-2018-9590 affects Android 7.0–9, described as an out-of-bounds read in add_attr() within sdp_discovery.c. The issue could enable remote information disclosure without user interaction and with network access as the attack vector; no exploitation details are provided in the connected documents...
CVE-2018-9593
Technical details about CVE-2018-9593 are not publicly available in the provided connected documents. Monitor for updates from official sources.
CVE-2019-1995
CVE-2019-1995 affects Android (versions 7.0–9) in the ComposeActivityEmail class. The flaw enables a "confused deputy" scenario where an app could silently attach files to an outgoing email, causing local information disclosure and potentially sending files accessible to AOSP Mail to a remote rec...
CVE-2019-20533
CVE-2019-20533 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) (China/India releases). The issue: the S Secure app can launch masked apps without a password. Root cause and technical specifics beyond this summary are not provided in the connected documents. The entry references ...
CVE-2019-20542
CVE-2019-20542 affects Samsung mobile devices running Android N (7.1), O (8.x), and P (9.0) on Exynos chipsets. The issue is a kernel driver stack overflow. No exploit details or specific vulnerable components/version numbers are provided beyond this description. No remediation or patch version i...
CVE-2019-20551
CVE-2019-20551 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The issue allows bypassing Factory Reset Protection (FRP) via a Class 0 Type Message, as noted with Samsung ID SVE-2019-14941 (October 2019). Connected Red Hat/Redundancy sources reiterate the same FRP bypass claim;...
CVE-2019-20576
The CVE-2019-20576 issue affects Samsung mobile devices running P(9.0) software. Affected component: MemorySaver Content Provider, which permits SQL injection. The root cause is an injection vulnerability in the Content Provider’s handling of queries, enabling a remote attacker to manipulate the ...
CVE-2019-20778
Summary: CVE-2019-20778 affects LG Android devices (versions 7.0–9.0) with the Backup subsystem failing to properly restrict operations or validate input. This leads to a potential impact on confidentiality, integrity, and availability as indicated by CVSS metrics (3.1: HIGH/HIGH/HIGH; 2.0: PARTI...
CVE-2019-2132
CVE-2019-2132: Android vulnerability allowing an overlay of the VPN dialog by a malicious app, enabling local elevation of privilege. Exploitation requires user interaction and does not require additional execution privileges. Affected: Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. The issue i...
CVE-2019-2164
CVE-2019-2164 affects Android 10 due to an out-of-bounds read in libxaac caused by a missing bounds check. This could disclose information without full execution privileges; exploitation requires user interaction. The Red Hat entry confirms the same description; no patch/version details are provi...
CVE-2019-9282
CVE-2019-9282 affects Google’s Skia library used in Android 10. The issue is an out-of-bounds read due to a missing bounds check, enabling remote information disclosure with no execution privileges and requiring user interaction to exploit. The Android security release notes indicate fixes are pa...
CVE-2019-9285
CVE-2019-9285 describes an out-of-bounds read in Bluetooth on Android 10 due to a missing bounds check. Exploitation could lead to remote DoS without user interaction. Affected product/variant: Android 10 (Android ID: A-111215315). Public metrics: CVSSv3.1 base score 7.5 (High) with network attac...
CVE-2019-9343
CVE-2019-9343 affects the Bluetooth stack in Android 10. The vulnerability arises from a missing bounds check that enables an out-of-bounds read, leading to remote information disclosure without requiring privileges or user interaction. Impact is confined to information disclosure; no exploitatio...
CVE-2019-9428
CVE-2019-9428 affects the Android Framework. The issue arises from BROWSEABLE intents that can allow remote disclosure of sensitive URLs, with exploitation requiring user interaction. Affected product/version: Android 10 (Android Framework). Root cause: abuse of BROWSEABLE intents enabling inform...
CVE-2020-0083
The CVE-2020-0083 issue affects Android 10 where a logic error in setRequirePmfInternal within sta_network.cpp can cause a default value to be misapplied, enabling a remote DoS without user interaction. The Pixel bulletin and Android bulletin indicate this belongs to the System component with a D...
CVE-2020-0106
CVE-2020-0106 affects Android 10. The issue is in PhoneInterfaceManager.getCellLocation, where a missing SDK version check allows a local attacker to bypass a permission check and disclose information without extra privileges. Impacted: local information disclosure; no user interaction required. ...
CVE-2020-0145
CVE-2020-0145 affects Android 10, with a flaw in btm_simple_pair_complete in btm_sec.cc that can trigger an out-of-bounds read due to a missing bounds check. This could lead to local information disclosure on a device with System privileges, and exploitation requires no user interaction. The avai...
CVE-2020-0212
CVE-2020-0212 is a concrete Android security vulnerability affecting Android 10. The issue is an out-of-bounds read caused by a use-after-free in InputBufferManager.cpp (_onBufferDestroyed), potentially enabling remote information disclosure with no execution privilege, requiring user interaction...
CVE-2020-0268
CVE-2020-0268 affects Android 11. In the NFC stack, a race condition can cause a use-after-free, enabling local escalation of privilege to System privileges without user interaction. Impact is described as local, with a High/Moderate multi-source assessment in public records; exploitation status ...
CVE-2020-0269
In CVE-2020-0269, Android Auto Settings contains an unsafe PendingIntent allowing a local information disclosure. Affected: Android 11 (Android Auto Settings). Root cause: permission bypass enabling information leakage without user interaction, though user privileges are required. Exploitation is...
CVE-2020-0276
CVE-2020-0276 affects Android 11 in the Telephony component, where a missing permission check allows a local information disclosure without extra execution privileges. The issue is exploitable locally, with no user interaction required, according to the description. Impact is partial confidential...
CVE-2020-0286
The CVE-2020-0286 entry describes a vulnerability in Android 11's Bluetooth AVRCP where residual data can leak audio metadata, enabling remote information disclosure without privileges or user interaction via a network vector. Affected software is Android 11 (Bluetooth AVRCP); the underlying issu...
CVE-2020-0356
CVE-2020-0356 affects the Android Audio HAL. The issue is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation with system-level execution privileges. Exploitation does not require user interaction. The vulnerability is documented across multiple sources...
CVE-2020-10849
Technical details (affected components, root cause, impact, or fixes) are not publicly disclosed in the provided documents. Monitor for updates from official sources as additional details may be published later.
CVE-2020-12747
CVE-2020-12747 relates to Samsung mobile devices with Q(10.0) using Exynos980/9630 and Exynos990/9830. The issue is a heap-based buffer overflow in the Bootloader caused by mishandling of specific commands. The vulnerability affects the boot process and could lead to unauthorized code execution a...
CVE-2020-25064
Technical details (affected products, vulnerable component, root cause, exploit information) are not provided in the connected documents. Monitor for updates from LG/Security advisories.
CVE-2020-35551
CVE-2020-35551 describes a RPMB state-change vulnerability in Samsung mobile devices with Exynos (O(8.x), P(9.0), Q(10.0)) where an unauthorized RPMB write can be replayed, enabling replay attacks. Root cause centers on RPMB state manipulation; the issue is related to CVE-2020-13799. Documented i...
CVE-2021-0350
CVE-2021-0350 affects Android devices running Android-8.1, Android-9, Android-10, and Android-11. The issue is in the generic governance of input handling in the component described as “ged,” caused by improper input validation, which can cause a local denial of service and requires system execut...