8153 matches found
CVE-2020-0131
CVE-2020-0131 affects Android 10 in the Media Framework’s MPEG4Extractor.cpp parseChunk path, where an out-of-bounds write can occur from incompletely initialized data. This vulnerability allows remote code execution via a network vector with the need for user interaction to exploit (per the CVE ...
CVE-2020-0147
CVE-2020-0147 affects Android 10 (Pixel devices) due to an out-of-bounds read in btu_hcif_esco_connection_chg_evt of btu_hcif.cc caused by a missing bounds check. This enables local information disclosure with system-execution privileges needed; no user interaction required. Connected sources con...
CVE-2020-0150
CVE-2020-0150 is tied to Android 10 and affects the rw_t3t_message_set_block_list path in rw_t3t.cc, where a missing bounds check can cause an out-of-bounds write. This leads to local escalation of privilege with no additional execution privileges required and no user interaction needed, per NVD ...
CVE-2020-0156
CVE-2020-0156 affects Android 10 and points to an out-of-bounds read in the NxpNfc::ioctl path of NxpNfc.cpp caused by a missing bounds check. The issue enables local information disclosure with user privileges; exploitation does not require user interaction but is local in nature. CVSS metrics i...
CVE-2020-0168
CVE-2020-0168 affects Android 10, with a vulnerability in the Media Framework where impeg2_fmt_conv_yuv420p_to_yuv420sp_uv in impeg2_format_conv.c can trigger an out-of-bounds write due to a missing bounds check. This can enable remote code execution; exploitation is described as requiring user i...
CVE-2020-0175
CVE-2020-0175 affects Android 10 in the Media Framework handling path; the issue is in the XMF_ReadNode function in eas_xmf.c, where improper input validation can cause resource exhaustion leading to a remote Denial of Service with no extra privileges. Exploitation requires user interaction. Publ...
CVE-2020-0220
CVE-2020-0220 corresponds to an out-of-bounds write in the Android kernel driver flow for msm-cirrus playback (crus_afe_callback in msm-cirrus-playback.c). The underlying issue is a missing bounds check in that path, enabling local escalation of privilege with System-level execution privileges re...
CVE-2020-0235
CVE-2020-0235 affects Android’s kernel, specifically the crus_sp_shared_ioctl path where 4 bytes are copied from userdata into the size variable and then used as the size for copy_from_user, overwriting memory following crus_sp_hdr (a static struct crus_sp_ioctl_header). This memory corruption ca...
CVE-2020-0236
CVE-2020-0236 affects Android 10 and specifically the A2DP_GetCodecType path in the a2dp_codec_config. The issue is an out-of-bounds read caused by improper input validation, leading to possible remote information disclosure without extra execution privileges and without user interaction. The vul...
CVE-2020-0266
CVE-2020-0266 affects Android 11 via a factory reset protection (FRP) issue where a missing permission check enables a local elevation of privilege. Exploitation is described as requiring local access with no user interaction; no detailed exploit vectors are provided in the excerpts. The impact i...
CVE-2020-0272
CVE-2020-0272 affects Android 11 components: libhwbinder. The bug is described as an information disclosure caused by uninitialized data in libhwbinder, enabling local information disclosure with system privileges; no user interaction is required. Connected sources (Red Hat, NVD, CVE lists, NCSC)...
CVE-2020-0297
CVE-2020-0297 affects Android 11 and is tied to the devicepolicy service. The vulnerability is a permission bypass caused by an unsafe PendingIntent, enabling local information disclosure with no user interaction (local, requires user privileges). Public sources in the connected documents confirm...
CVE-2020-0310
Affected software: Android 11 (Settings). The vulnerability CVE-2020-0310 arises from an unsafe PendingIntent that enables a permission bypass, leading to local information disclosure with no user interaction required. Root cause: unsafe PendingIntent handling in Settings. Impact: local informati...
CVE-2020-0315
CVE-2020-0315 affects Android 11, specifically Zen Mode, where an unsafe PendingIntent can bypass permissions to cause local information disclosure without user interaction. Root cause: unsafe PendingIntent in Zen Mode. Impact: information disclosure with Android-11 user privileges; CVSS details ...
CVE-2020-0335
The CVE-2020-0335 entry affects Android 11 via the NFC subsystem. The root cause is an out-of-bounds write caused by a missing bounds check in NFC handling, enabling local escalation to System privileges and potentially firmware compromise. The vulnerability is annotated as requiring no user inte...
CVE-2020-0361
CVE-2020-0361 affects Android 11 via the libDRCdec information-disclosure flaw. The root cause is uninitialized data in libDRCdec, enabling remote information disclosure with no execution privileges required; exploitation requires user interaction per the CVSS vector. Connected sources corroborat...
CVE-2020-0475
CVE-2020-0475 affects Android 11 where in WindowManagerService.createInputConsumer there is a missing permission check, enabling a local elevation of privilege by intercepting input events. Exploitation requires user interaction; no remote access assumed. Public sources (Red Hat, NVD, CVE lists) ...
CVE-2020-0490
CVE-2020-0490 affects Android 11. The issue is in floor1_info_unpack of floor1.c and stems from a missing bounds check, causing an out-of-bounds read that can disclose information. Exploitation requires user interaction. The impact is information disclosure with no additional execution privileges...
CVE-2020-10832
The CVE-2020-10832 entry describes a vulnerability in Samsung mobile devices with P(9.0) Exynos chipsets where Kernel Wi-Fi drivers allow out-of-bounds Read/Write operations (buffer overflow). This affects the kernel Wi-Fi subsystem and is tied to several Samsung internal IDs (SVE-2019-16125, 161...
CVE-2021-0364
CVE-2021-0364 affects Android (Android-10 and Android-11) due to a command-injection vulnerability in mobile_log_d caused by improper input validation. The issue can enable local escalation of privileges with System execution privileges required and does not require user interaction. Patch ALPS05...
CVE-2021-0454
CVE-2021-0454 affects the Citadel chip firmware via an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation with System execution privileges required and no user interaction. In Google Pixel/Android contexts, this vulnerability is mapped to Titan M components ...
CVE-2021-0490
CVE-2021-0490 affects Android’s memory management driver (MediaTek memory management driver) and describes an out-of-bounds write due to a missing bounds check that could enable local elevation of privilege with no user interaction. The issue is documented across sources including NVD and the 202...
CVE-2021-0493
CVE-2021-0493 is an Android memory management driver vulnerability described as an out-of-bounds write caused by a missing bounds check. The affected component is the memory management driver in Android, with potential local escalation of privilege and no additional execution privileges needed. T...
CVE-2021-0533
CVE-2021-0533 affects the Android memory management driver (Memory management on Android SoC) and is caused by a race condition that can lead to memory corruption. The documented impact is local escalation of privilege with no additional execution privileges required and no user interaction neede...
CVE-2021-0676
CVE-2021-0676 pertains to the geniezone driver, where an incorrect bounds check enables a possible out-of-bounds read . This could lead to local information disclosure with the attacker obtaining System execution privileges; exploitation requires no user interaction. Multiple sources (NVD, Red Ha...
CVE-2021-0898
In APUsys (MediaTek Apusys), CVE-2021-0898 describes a memory corruption via a use-after-free in the apusys component that can enable local escalation of privilege with System execution privileges required and no user interaction. Affected: apusys; root cause: use-after-free leading to memory cor...
CVE-2021-0900
The CVE-2021-0900 entry concerns the MediaTek apusys component, with an out-of-bounds read due to an incorrect bounds check. This could enable local information disclosure and requires System privileges for exploitation, with no user interaction needed. Documents consistently describe the affecte...
CVE-2021-1040
CVE-2021-1040 describes an elevation-of-privilege vulnerability in Android where, in onCreate of BluetoothPairingSelectionFragment.java, a tapjacking/overlay attack could enable local escalation of privilege without requiring extra execution privileges. Affected products/versions include Android ...
CVE-2021-22492
CVE-2021-22492 concerns a buffer overflow in the Bluetooth UART driver on Samsung mobile devices using Broadcom Bluetooth chipsets (O(8.x), P(9.0), Q(10.0)). The issue stems from the UART driver handling data unsafely, leading to potential memory corruption. CVSS data from NVD indicates a base sc...
CVE-2021-25429
Technical details (affected product/versions/root cause/exploit status) are not publicly available in the provided documents. Monitor for updates from NVD/Red Hat and security advisories.
CVE-2021-25451
CVE-2021-25451 affects Android’s NetworkPolicyManagerService where a PendingIntent hijack can lead to exposure of IMSI data. The vulnerability is local, requiring user interaction, with a low-moderate CVSS (3.3 on 3.1, base score 3.3; confidentiality impact: Low). Root cause stated: manipulation ...
CVE-2021-25475
Summary of CVE-2021-25475 : The issue is a heap-based buffer overflow in the DSP kernel driver, before Samsung SMR Oct-2021 Release 1. This flaw can lead to arbitrary memory writes and code execution within the kernel context on affected Samsung devices. Affected component: DSP kernel driver. Roo...
CVE-2022-20312
In Android 13, the WifiP2pManager can leak the device’s WiFi P2P MAC address without user consent due to a missing permission check. This enables local information disclosure with a Local attack vector and no user interaction required. Affected component: WifiP2pManager in Android 13. Root cause:...
CVE-2022-20320
CVE-2022-20320 affects Android 13 and involves the ActivityManager. The issue enables a local attacker to infer whether an app is installed without query permissions, via a side-channel information disclosure. The exploitation is described as requiring local access (no user interaction) and not n...
CVE-2022-20342
CVE-2022-20342 affects Android 13. An insecure default in WiFi could disclose the WiFi password to the end user, enabling local information disclosure without extra privileges or user interaction. The issue is categorized under Android 13 security release notes; no exploitation details or active ...
CVE-2022-20429
CVE-2022-20429 affects Android’s CarSettings component across Android-10/11/12/12L. The issue enables a local elevation of privilege in Bluetooth settings via a confused deputy, requiring no user interaction and permitting an adjacent attacker with no privileges to exploit (per the referenced NVD...
CVE-2022-32611
CVE-2022-32611 concerns MediaTek’s isp component. The vulnerability is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required. Exploitation reportedly does not require user interaction. A patch is referenced (Patc...
CVE-2022-32615
CVE-2022-32615 concerns an out‑of‑bounds write in the ccd component caused by uninitialized data, enabling local privilege escalation with system execution privileges required. No user interaction is needed. The vulnerability details are supported by multiple sources in the provided documents, wi...
CVE-2022-32629
CVE-2022-32629 affects the isp component and is caused by a missing bounds check that enables an out-of-bounds write. This can lead to local escalation of privilege with system execution privileges required; exploitation does not require user interaction. The entry lists a patch reference: ALPS07...
CVE-2022-38675
CVE-2022-38675 concerns a defect in the GPU driver where a missing bounds check enables a local out-of-bounds write, potentially causing a local denial of service in the kernel. The description across multiple sources agrees on the kernel impact and local attack vector, with CVSS v3.1 metrics ind...
CVE-2022-39093
CVE-2022-39093 describes a missing permission check in the power management service that can allow a setup of the service without additional execution privileges. The vulnerability is characterized as local, with low attack complexity and no user interaction, and has a CVSS v3.1 base score of 7.8...
CVE-2022-39104
Summary (validated): CVE-2022-39104 affects the Contacts service, where a missing permission check could allow local denial of service without requiring additional execution privileges. The CVSS 3.1 base metrics indicate a Medium severity with Local attack vector and Availability impact. No expli...
CVE-2022-39110
CVE-2022-39110 describes a missing permission check in the Music service that could allow elevation of privilege with no additional execution privileges required. The vulnerability is identified across multiple sources (NVD, Red Hat, CVE lists, PRION, CNNVD, etc.), all reiterating the same issue:...
CVE-2022-39850
CVE-2022-39850: The issue is an improper access control in Samsung’s mum_container_policy service, present prior to SMR Oct-2022 Release 1, allowing an unauthorized read of configuration data. Affected product area is Samsung mobile devices; root cause is inadequate access checks in the mum_conta...
CVE-2022-39854
CVE-2022-39854 pertains to Samsung devices with the IOMMU in the SMR Oct-2022 Release 1, where improper protection in the IOMMU could allow unauthorized access to secure memory. The root cause is described as insufficient protection in IOMMU prior to the SMR Oct-2022 Release 1. Affected remediati...
CVE-2022-39894
CVE-2022-39894 affects Samsung Phone’s ContactListStartActivityHelper. The issue is an improper access control that can expose sensitive information via an implicit intent in versions prior to the SMR Dec-2022 Release 1. Public sources (NVD/Red Hat/CNNVD/PT-Security) describe the vulnerability as...
CVE-2022-47351
CVE-2022-47351 affects the camera driver and involves a missing bounds check that enables an out-of-bounds read. This can lead to a local denial of service with System execution privileges required. The issue is documented across NVD/Red Hat databases with a CVSS v3.1 base score of 4.4 (MEDIUM) a...
CVE-2022-48375
CVE-2022-48375 concerns the UNISOC chipsets’ contacts service module, where a missing permission check may allow a local attacker to cause a denial of service with no additional privileges. The available documents consistently describe the issue as a local impact vulnerability due to insufficient...
CVE-2022-48388
The CVE-2022-48388 entry concerns UNISOC Chipsets’ powerEx service module. The vulnerability arises from a missing permission check in the powerEx service, enabling local escalation of privilege with no additional execution privileges. Affected component: powerEx service on UNISOC chipsets. Impac...
CVE-2023-20651
CVE-2023-20651 concerns the MediaTek apu component, where a missing bounds check enables an out-of-bounds read. This could lead to local information disclosure with System execution privileges needed; no user interaction is required. Public details consistently identify the vulnerability in apu a...