8153 matches found
CVE-2022-48375
CVE-2022-48375 concerns the UNISOC chipsets’ contacts service module, where a missing permission check may allow a local attacker to cause a denial of service with no additional privileges. The available documents consistently describe the issue as a local impact vulnerability due to insufficient...
CVE-2022-48388
The CVE-2022-48388 entry concerns UNISOC Chipsets’ powerEx service module. The vulnerability arises from a missing permission check in the powerEx service, enabling local escalation of privilege with no additional execution privileges. Affected component: powerEx service on UNISOC chipsets. Impac...
CVE-2023-20651
CVE-2023-20651 concerns the MediaTek apu component, where a missing bounds check enables an out-of-bounds read. This could lead to local information disclosure with System execution privileges needed; no user interaction is required. Public details consistently identify the vulnerability in apu a...
CVE-2023-20704
The CVE-2023-20704 involves the apu component in MediaTek chips, where a missing bounds check can trigger an out-of-bounds read and local information disclosure without requiring user interaction. Affected element: apu on MediaTek hardware. Root cause: bounds-check omission leading to memory read...
CVE-2023-20706
CVE-2023-20706 affects the MediaTek apu module. The issue is an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with no user interaction and no additional privileges required. Exploitation details or active exploit status are not provided in the document...
CVE-2023-20709
CVE-2023-20709 affects the keyinstall module in MediaTek systems. The issue is an out-of-bounds read caused by a missing bounds check, leading to potential local information disclosure and requiring System execution privileges for exploitation. User interaction is not needed. References to patche...
CVE-2023-20795
The CVE-2023-20795 entry describes a vulnerability in the ril module (MediaTek-based environments) where a missing bounds check enables an out-of-bounds write. This can lead to local privilege escalation with System execution privileges required, and exploitation does not require user interaction...
CVE-2023-21230
CVE-2023-21230 affects Google Wear OS / Android framework. A precondition check failure in the onAccessPointChanged method of AccessPointPreference.java could allow unprivileged apps to receive broadcasts about WiFi access point changes (including BSSID/SSID), enabling local information disclosur...
CVE-2023-21327
CVE-2023-21327 relates to a side-channel information disclosure in Android’s Permission Manager, enabling an attacker to determine if an app is installed without query permissions. The vulnerability allows local information disclosure with no extra execution privileges and requires no user intera...
CVE-2023-21370
CVE-2023-21370 is an elevation-of-privilege flaw in the Android Security Element API. The root cause is an integer overflow that enables an out-of-bounds write, leading to local privilege escalation with System privileges. Exploitation requires no user interaction. The affected component is the S...
CVE-2023-21372
CVE-2023-21372 concerns a vulnerability in libdexfile where a missing bounds check allows an out-of-bounds read, enabling local elevation of privilege without user interaction. The issue affects Android’s libdexfile component and is classified as a local EoP (MITRE ambiguous, but Android bulletin...
CVE-2023-21380
CVE-2023-21380 is a Bluetooth heap buffer overflow in Android that can enable local elevation of privilege with SYSTEM execution when exploited without user interaction. The vulnerability is listed in Android 14 security release notes and associated with an out-of-bounds write in Bluetooth. Affec...
CVE-2023-30914
Technical details about CVE-2023-30914 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2023-32817
CVE-2023-32817 affects the gnss service. The issue is an out-of-bounds read caused by improper input validation, leading to local information disclosure with system execution privileges required. Exploitation does not require user interaction. A patch is available: ALPS08044040 (Issue ALPS0804403...
CVE-2023-32855
CVE-2023-32855 describes a privilege-escalation defect in the aee module (MediaTek context) caused by a missing permission check, enabling local escalation to System privileges without user interaction. Exploitation status is not detailed in the provided documents. A fix is referenced as Patch ID...
CVE-2023-32879
The CVE-2023-32879 entry is connected to MediaTek devices, specifically a vulnerability in the battery module where a missing bounds check allows an out-of-bounds write. This leads to local escalation of privilege with System-level execution privileges required, and exploitation is not shown as r...
CVE-2023-33884
CVE-2023-33884 reflects a vulnerability in the telephony service where a missing privilege check enables local information disclosure without extra execution privileges. The issue affects UNISOC chipsets (examples include SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T616/T770/T820/S8000 and r...
CVE-2023-42635
Technical details about CVE-2023-42635 are not publicly provided in the supplied documents; monitor for updates.
CVE-2023-42648
CVE-2023-42648 affects UNISOC chipsets in engineermode, where a missing permission check can lead to local information disclosure without requiring elevated privileges. The available connected documents confirm the root cause (in engineermode) and the potential impact (local information disclosur...
CVE-2023-44126
The CVE-2023-44126 issue concerns the Android Call management component (com.android.server.telecom) patched by LG. The vulnerability arises because LG’s patch sends a large number of LG-owned implicit broadcasts that disclose sensitive telephony data to all third-party apps on the same device. T...
CVE-2023-52351
The CVE-2023-52351 issue affects the ril service in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local denial of service with System execution privileges required. Affected component: ril service (UNISOC). Impact is described as local D...
CVE-2024-20016
Inged ged module, CVE-2024-20016 involves a possible out-of-bounds write caused by an integer overflow, leading to local denial of service with system execution privileges required and no user interaction. Patch ID ALPS07835901 is noted; issue ID ALPS07835901. Red Hat and other feeds corroborate ...
CVE-2024-20098
The CVE-2024-20098 issue concerns Power module boundary checks: a possible out-of-bounds write may enable local escalation of privilege with System execution privileges required, and no user interaction is needed. Multiple connected sources (NVD, Red Hat, OSV, CVE lists, PT Security, CNNVD) corro...
CVE-2024-20114
CVE-2024-20114 affects the ccu component (MediaTek CCU family). It describes a possible out-of-bounds write caused by a missing bounds check, potentially enabling local escalation of privilege with System execution privileges. Exploitation requires no user interaction per the description. The pat...
CVE-2024-20123
In vdec, a vulnerability described as an out-of-bounds read from improper structure design could cause local information disclosure with system execution privileges required. Notably, exploitation requires no user interaction, and the issue is associated with Patch ID ALPS09008925 and Issue MSV-1...
CVE-2024-56191
The CVE-2024-56191 issue affects Google Pixel Watch, rooted in an integer overflow in dhd_process_full_gscan_result (dhd_pno.c). The vulnerability allows local elevation of privilege without additional execution privileges and does not require user interaction. Affected component/file: dhd_pno.c ...
CVE-2026-0076
CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...
CVE-2026-0078
CVE-2026-0078 affects Android’s DevicePolicyManagerService (setGlobalProxy). The issue is a desync in persistence caused by improper input validation, enabling local privilege escalation with no extra execution privileges required. Exploitation is described as local and does not require user inte...
CVE-2014-0900
CVE-2014-0900 affects the Android Device Administrator code prior to 4.4.1_r1. The root cause is the failure to update the mAdminMap data structure, which may allow an attacker to spoof device administrators and thereby bypass Mobile Device Management (MDM) restrictions. Documents indicate the im...
CVE-2014-9896
Technical details (affected product/component, root cause, impact, fix) are not publicly provided in the connected documents. Please monitor for updates from official advisories to obtain confirmed remediation guidance.
CVE-2014-9910
CVE-2014-9910 is a local elevation-of-privilege in the Broadcom Wi‑Fi driver on Android that could allow a malicious local app to run code in kernel context. The issue requires compromising a privileged process and affects Android, with no specific patch version or remediation provided in the sup...
CVE-2014-9928
Technical details are not publicly available in the provided documents. Monitor for updates and new disclosures regarding CVE-2014-9928.
CVE-2014-9948
CVE-2014-9948 is described as an Improper Validation of Array Index vulnerability in TrustZone across CAF Android releases that use the Linux kernel. The affected component is TrustZone; the root cause is improper validation of an array index. The CVSS3 metrics indicate a HIGH-severity, with a ba...
CVE-2014-9954
CVE-2014-9954 is an elevation of privilege vulnerability in Qualcomm closed‑source components used by Android. Affected product: Android kernel. Root cause details are not fully disclosed in the provided documents, but the NVD entry lists an elevation of privilege impact with a as‑is Android kern...
CVE-2014-9966
CVE-2014-9966 describes a TOCTOU race condition in Android CAF Secure Display implemented in the Linux kernel used by Android. The vulnerability affects Android releases using CAF’s Linux kernel and Secure Display, with impact on confidentiality, integrity, and availability as reflected in CVSS (...
CVE-2014-9968
CVE-2014-9968 is a buffer‑overflow in the Qualcomm UIMDIAG interface found in Qualcomm closed‑source components included with Android CAF builds using the Linux kernel. Multiple connected sources describe a vulnerable UIMDIAG path in Qualcomm components and flag the issue as a potential for arbit...
CVE-2015-0576
CVE-2015-0576 describes a buffer overflow in the HSDPA component used by Qualcomm in Android CAF/Linux kernel implementations. Connected sources corroborate a Qualcomm HSDPA buffer overflow affecting CAF-based Android releases, with CNVD noting potential arbitrary-code execution or denial of serv...
CVE-2015-3854
CVE-2015-3854 affects Android 5.x; the vulnerability exists in PowerNotificationWarnings.java within the Android SystemUI power package. A broadcast intent using the PNW.stopSaver action can bypass the DEVICE_POWER permission requirement, enabling local access to perform restricted actions. The i...
CVE-2015-8595
Connected sources tie CVE-2015-8595 to a Qualcomm closed‑source DRM issue in Android CAF using the Linux kernel. CNVD-2017-26645 describes a buffer overflow in the digital television/digital radio DRM of the Qualcomm component, capable of enabling arbitrary code execution or DoS. The available do...
CVE-2015-8892
CVE-2015-8892 affects the Qualcomm components in Android on Nexus 5X and 6P, where platform/msm_shared/boot_verifier.c can bypass intended access restrictions by using a digest with trailing data. The issue pertains to Android versions prior to 2016-07-05 and is referenced in Android/Qualcomm bug...
CVE-2015-8939
CVE-2015-8939 concerns a privilege-escalation flaw in the Qualcomm video driver used by Android on Nexus 7 (2013) . The issue stems from the driver file drivers/video/msm/mdp4_util.c , where data for the red/green/blue stages is not validated, enabling a local attacker with a crafted app to gain ...
CVE-2015-8943
CVE-2015-8943 affects Qualcomm/mdss mdss_mdp_util.c in Android on Nexus 5 prior to 2016-08-05. The root cause is that the code does not verify the existence of a mapping before unmapping, enabling privilege escalation via a crafted app. Connected sources (CNVD-2016-06202, Ubuntu/OSV entries, NVD ...
CVE-2015-9006
Technical details for CVE-2015-9006 are not publicly available in the provided documents. Monitor for updates.
CVE-2015-9007
Technical details for CVE-2015-9007 are not publicly available in the provided documents. No specifics on affected components, root cause, impact, or remediation are provided here. Monitor for updates.
CVE-2015-9022
Technical details about CVE-2015-9022 are not provided in the supplied documents. The description notes TOCTOU race conditions in TZ APIs on CAF Android/Linux kernel; no patch version or affected components specified here. Monitor for updates.
CVE-2015-9027
CVE-2015-9027 concerns an untrusted pointer dereference in WideVine DRM within Android CAF builds that use the Linux kernel. Per the NVD entry, the issue affects WideVine DRM and is rated with a high impact (CVSSv3: 7.8, Local attack vector, user interaction required; CVSSv2: 9.3). The connected ...
CVE-2015-9040
Technical details (affected product/version, root cause, exploitability) for CVE-2015-9040 are not publicly provided in the connected documents; monitor for updates.
CVE-2015-9066
CVE-2015-9066 describes a buffer overflow in the Inter-RAT procedure affecting Qualcomm components in Android CAF builds using the Linux kernel. Public sources flag it as a high-severity issue with potential remote code execution (CVSS ~9.8/10), but the provided documents do not specify affected ...
CVE-2016-0827
The CVE-2016-0827 issue affects Android mediaserver’s libeffects across Android 4.x (before 4.4.4), 5.x (before 5.1.1 LMY49H), and 6.x (before 2016-03-01). The root cause is multiple integer overflows in libeffects (notably in EffectBundle.cpp and EffectReverb.cpp) that can allow a crafted applic...
CVE-2016-0838
CVE-2016-0838 affects Sonivox in mediaserver on Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-04-01. The flaw occurs when mediaserver’s Sonivox component does not check for a negative number of samples, allowing remote attackers to execute arbitrary code or ...