8153 matches found
CVE-2024-0028
The CVE-2024-0028 entry describes an information-disclosure flaw in Android’s Audio Service where a missing permission check could let an attacker obtain the MAC addresses of nearby Bluetooth devices. This is a local issue with low attack complexity and no user interaction required, potentially e...
CVE-2020-25058
CVE-2020-25058 affects LG mobile devices running Android 8.0–10, where the network_management service fails to properly restrict configuration changes. Root cause: insufficient access control in the network_management component. Impact is stated as high across confidentiality, integrity, and avai...
CVE-2020-25060
Technical details about CVE-2020-25060 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2020-27044
CVE-2020-27044 affects Android 11 in Parcel.cpp, restartWrite path, where a use-after-free leads to memory corruption. The issue is described as a local elevation of privilege without extra execution privileges required; user interaction is not needed. The vulnerability is reported with a high ba...
CVE-2021-0343
CVE-2021-0343 affects the kisd component in Android 11. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation to System privileges without user interaction. The vulnerability impact is described as high for confidentiality, integrity, and availability in ...
CVE-2021-0344
CVE-2021-0344 concerns memory corruption in the mtkpower component in Android (Android-10 and Android-11). The root cause is a missing bounds check, enabling local escalation of privileges with System-level execution privileges required; exploitation does not require user interaction. The vulnera...
CVE-2021-0354
CVE-2021-0354: A local privilege-escalation flaw in ged on Android (Android 8.1–11) arises from an out-of-bounds write caused by an integer overflow. The issue allows an attacker with local access to potentially execute with System privileges without user interaction. Affected components are tied...
CVE-2021-0362
CVE-2021-0362 affects Android 11 as described across multiple sources. The vulnerability is a memory corruption via a stack buffer overflow in the aee component, enabling local privilege escalation with System-level execution privileges. Exploitation does not require user interaction. Patch ALPS0...
CVE-2021-0368
CVE-2021-0368 concerns an out-of-bounds read in oggpack_look within bitwise.c, leading to potential information disclosure. The issue is documented for Android 11; the Pixel/Android bulletin indicates this vulnerability is addressed in updated AOSP versions (minimum patch level 2021-03-05, i.e., ...
CVE-2021-0381
The CVE-2021-0381 issue affects Android 11 and is tied to DeviceStorageMonitorService.java (updateNotifications). It describes a possible permission bypass caused by an unsafe PendingIntent that can lead to local information disclosure without user interaction. The exploitable condition requires ...
CVE-2021-0453
CVE-2021-0453 corresponds to a vulnerability in the Titan-M firmware (and related Android kernel component) where uninitialized data can cause a disclosure of stack memory, leading to local information disclosure with system-level privileges required. The public descriptions consistently state th...
CVE-2021-0457
CVE-2021-0457 targets the FingerTipS touch screen driver in the Android kernel and describes an out-of-bounds write caused by a heap buffer overflow, enabling local privilege escalation to SYSTEM with no user interaction required. Public sources (NVD entry, ZDI advisory) corroborate a heap-based ...
CVE-2021-0657
CVE-2021-0657 affects apusys and is caused by a stack-based buffer overflow leading to an out-of-bounds write. This can enable local escalation to System privileges without user interaction. The vulnerability context is supported by multiple sources (e.g., Red Hat, NVD) and lists a patch referenc...
CVE-2021-0893
CVE-2021-0893 affects the MediaTek Apusys component. The vulnerability is a memory corruption via a use-after-free, potentially enabling local escalation of privileges with System execution privileges required; no user interaction is necessary. Patches exist (Patch ID: ALPS05672107; Issue ID: ALP...
CVE-2021-25459
CVE-2021-25459 affects BlockchainTZService. The vulnerability is an improper access control in the sspInit() function that allows attackers to start the BlockchainTZService. Affected versions are prior to SMR Sep-2021 Release 1. Exploitation details are not provided beyond local access vectors im...
CVE-2021-25476
CVE-2021-25476 describes an information-disclosure vulnerability in Widevine TA log prior to Samsung SMR Oct-2021 Release 1 that enables bypass of ASLR in the Trusted Execution Environment (TEE). Affected component: Widevine TA log. Root cause: information leakage in the log prior to the SMR patc...
CVE-2021-25488
The CVE-2021-25488 issue affects Samsung devices via the modem interface driver’s recv_data() function. The root cause is a missing boundary check in the buffer handling, before the SMR Oct-2021 Release 1 patch, which permits an out-of-bounds (OOB) read. The vulnerability is documented across mul...
CVE-2021-25510
CVE-2021-25510 concerns an improper validation in FilterProvider, prior to Samsung SMR Dec-2021 Release 1, enabling local arbitrary code execution. Affected context is Samsung mobile software; vulnerability is localized with potential full impact to confidentiality, integrity, and availability as...
CVE-2021-25513
CVE-2021-25513 affects the Apps Edge application prior to Samsung SMR Dec-2021 Release 1. The root cause is improper privilege management, enabling unauthorized access to certain lockscreen data. Impact is limited to exposure of device data on the lockscreen; CVSS scores (NVD 2.4/3.1, Low) reflec...
CVE-2021-30161
CVE-2021-30161 affects LG mobile devices running Android 11. The vulnerability allows attackers to bypass the lockscreen protection after an incoming call has been terminated. Root cause, affected models/versions, exploit details, and fixes are not provided in the connected documents; remediation...
CVE-2022-20013
The CVE-2022-20013 entry concerns the vow driver with a race-condition that enables memory corruption and local escalation to System privileges. Affected component: vow driver (MediaTek context appears in related sources). Impact: local privilege escalation with high impact on confidentiality, in...
CVE-2022-20019
CVE-2022-20019 affects the MediaTek libMtkOmxGsmDec component. The issue is an incorrect bounds check that may allow local information disclosure without requiring additional execution privileges; user interaction is not needed. The CVE description and Red Hat/NVD entries confirm the impact is li...
CVE-2022-20324
CVE-2022-20324 : In Android 13, the Framework exposes a side-channel leak that can reveal whether an app is installed without query permissions, enabling local information disclosure without extra execution privileges. The vulnerability affects the Framework component and results in confidential ...
CVE-2022-26462
CVE-2022-26462 describes an out-of-bounds read in the MediaTek vow component caused by an incorrect bounds check. The vulnerability could lead to local information disclosure with system-level execution privileges required, and exploitation reportedly does not require user interaction. Public ref...
CVE-2022-32645
CVE-2022-32645 affects vow and describes a race condition that could lead to local information disclosure with SYSTEM privileges required. Exploitation does not require user interaction. The CVE entry cites a patch ID ALPS07494477 (issue ALPS07494477) as the remediation. Multiple connected source...
CVE-2022-38689
CVE-2022-38689 concerns the telephony service, where a missing permission check can enable local information disclosure without extra execution privileges. Multiple connected sources corroborate a local-privilege-agnostic disclosure vector affecting telephony components, with no concrete exploit ...
CVE-2022-39103
The CVE-2022-39103 entry concerns the Gallery service, where a missing permission check is the root cause. This vulnerability could permit local denial of service without requiring additional execution privileges. Publicly provided documents reiterate the issue but do not specify affected version...
CVE-2022-39109
Technical details about CVE-2022-39109 are not publicly provided in the connected documents. Monitor for updates from vendors and advisories to obtain affected products, versions, and fixes.
CVE-2022-39120
CVE-2022-39120 concerns a vulnerability in the kernel’s sensor driver where a missing bounds check can trigger an out-of-bounds write, enabling local denial of service. This is described consistently across sources (NVD/Red Hat/NVD enrichments) as a local, high-availability impact with a 5.5 CVSS...
CVE-2022-39896
CVE-2022-39896 affects Samsung Contacts prior to SMR Dec-2022 Release 1. The issue is improper access control that could allow access to sensitive information via implicit intents. Affected component: Contacts; root cause identified as access-control weakness. Impact described in sources as expos...
CVE-2022-42759
CVE-2022-42759 affects the wlan driver, where a missing bounds check in the driver could allow a local denial of service in wlan services. The Red Hat and NVD entries corroborate the description; no concrete exploit details are provided in the connected documents. The PT-Security entry notes the ...
CVE-2022-47334
CVE-2022-47334 concerns the phasecheck server, where a missing bounds check can cause an out-of-bounds read. This vulnerability is described as enabling a local denial of service with system execution privileges required. The connected documents consistently relay the same underlying issue, thoug...
CVE-2022-47357
CVE-2022-47357 involves a missing permission check in the log service, enabling local denial of service. The CVSS 3.1 base score is 5.5 (LOCAL attacker, LOW attack complexity, LOW privileges required, HIGH impact on availability). The available documents do not specify the affected vendor/product...
CVE-2022-48243
CVE-2022-48243 concerns the UNISOC audio service, where a missing permission check in the audio service could enable local escalation of privilege with no additional execution privileges. The CVE is consistently described across sources as a local-privilege-escalation issue without public details...
CVE-2022-48382
CVE-2022-48382 concerns UNISOC chipsets’ log service. The root cause is a missing bounds check that enables an out-of-bounds write. Impact described as local denial of service with system privileges required. Exploitation details are not provided in the connected documents. Remediation/patch info...
CVE-2023-20638
CVE-2023-20638 affects the ril component of MediaTek chips, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation. A patch is available: ALPS...
CVE-2023-20644
CVE-2023-20644 affects the ril module of MediaTek-based devices, where a missing bounds check causes an out-of-bounds read. This can lead to local information disclosure with potential system-privilege execution, with no user interaction required. Exploitation details are not provided in the docu...
CVE-2023-20647
This CVE (CVE-2023-20647) affects the ril module in MediaTek chips. The root cause is a missing bounds check that enables an out-of-bounds read, leading to local information disclosure with system execution privileges required. Exploitation is described as not requiring user interaction. Patch ID...
CVE-2023-20648
CVE-2023-20648 affects the ril module in MediaTek chips. Root cause: missing bounds check causing an out-of-bounds read. Impact: local information disclosure with system execution privileges required; exploitation requires no user interaction. Patch ID: ALPS07628612. Multiple connected sources (N...
CVE-2023-20649
The CVE-2023-20649 entry concerns the MediaTek ril module. A missing bounds check can cause an out-of-bounds read, enabling local information disclosure with system execution privileges required. Exploitation does not require user interaction, but the vulnerability is confirmed as LOCAL with HIGH...
CVE-2023-20666
CVE-2023-20666 concerns a MediaTek display DRM component with an out-of-bounds write caused by a missing bounds check. The vulnerability enables local privilege escalation to System level without user interaction. The issue is indicated to affect the Display DRM path, with a patch identifier ALPS...
CVE-2023-20677
The CVE-2023-20677 issue affects the wlan component in MediaTek-based devices, caused by a missing bounds check leading to an out-of-bounds read. Impact is local information disclosure with SYSTEM-level execution privileges required, and exploitation reportedly does not require user interaction. ...
CVE-2023-20722
CVE-2023-20722 affects the m4u component with an out-of-bounds write caused by improper input validation. This can lead to local privilege escalation requiring System execution privileges, with no user interaction needed. A patch is available (Patch ID: ALPS07771518; Issue ID: ALPS07680084). Conn...
CVE-2023-20803
Summary: CVE-2023-20803 affects the imgsys component of MediaTek microprogram software, where memory corruption can occur due to improper input validation. This leads to local privilege escalation with system execution privileges required and user interaction needed for exploitation. Technical de...
CVE-2023-21320
CVE-2023-21320 concerns information disclosure via the Device Policy on Android. The issue enables an attacker to verify whether a specific admin app is registered on a device through side-channel information disclosure, resulting in local information disclosure with no additional execution privi...
CVE-2023-30938
CVE-2023-30938 involves a missing privilege check in the telephony service that can lead to local information disclosure without extra execution privileges. Connected sources describe affected UNISOC chipsets (e.g., SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616, T820, S8000)...
CVE-2023-32864
CVE-2023-32864 describes an out-of-bounds write in the display drm component of MediaTek chips caused by an incorrect bounds check. This can lead to local escalation of privilege with System-level execution privileges required; no user interaction is needed for exploitation. A patch is identified...
CVE-2023-32884
In netdagent, the vulnerability is an information disclosure caused by an incorrect bounds check, enabling local escalation of privilege with System-level execution privileges. Affected component: netdagent (no specific versions provided in the connected docs). Impact is described as high for con...
CVE-2023-4164
CVE-2023-4164 affects Google Pixel Watch. It describes a local information-disclosure vulnerability caused by a missing permission check that could expose health data without extra privileges. Public details confirm the issue but do not provide exploit specifics. Impact is focused on confidential...
CVE-2023-42637
CVE-2023-42637 concerns the validationtools component, where a missing permission check could allow local information disclosure without additional execution privileges. The available connected documents confirm the issue but do not provide concrete product/version mappings, exploit details, or a...