8153 matches found
CVE-2021-39670
CVE-2021-39670: In Android, the setStream method of WallpaperManager.java can trigger a permanent DoS via improper input validation, requiring local access and no user interaction. Affected: Android 12 and Android 12L (Android ID A-204087139). The issue is described across multiple sources (NVD/N...
CVE-2021-39696
CVE-2021-39696 affects Android (10–12) via Task.java, enabling local privilege escalation (confused deputy) with no extra execution privileges; exploitation requires user interaction. CVSS3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base score 7.8 (High). The vulnerability is documented in Android s...
CVE-2021-39798
CVE-2021-39798 affects Google Android 12 and Android 12L. The flaw is in Bitmap_createFromParcel (Bitmap.cpp) where a missing bounds check enables arbitrary code execution, leading to local escalation of privileges with user-level rights and no user interaction required. Exploitation would occur ...
CVE-2022-20452
CVE-2022-20452 affects Android 13 in the BaseBundle.java method initializeFromParcelLocked, where a flaw (confused deputy) can allow arbitrary code execution, enabling local escalation of privilege without extra privileges or user interaction. Related evidence: CVE described in NVD/NV D represent...
CVE-2022-20477
CVE-2022-20477 affects Android 13, due to a logic error in KeyguardNotificationVisibilityProvider.kt (shouldHideNotification) that can cause hidden notifications to be shown. This may enable local elevation of privilege with no extra execution privileges and no user interaction required. Public d...
CVE-2023-21107
CVE-2023-21107 describes an elevation-of-privilege flaw in Android where a missing permission check in retrieveAppEntry(NotificationAccessDetails.java) could allow a local attacker to escalate privileges across user boundaries without extra execution privileges or user interaction. Affected are A...
CVE-2024-40649
Technical details (affected product, version, root cause, exploitability) are not publicly available in the provided documents; monitor for updates.
CVE-2021-39691
CVE-2021-39691 describes a tapjacking risk in Android’s WindowManager caused by an incorrect window flag when processing user input, enabling a local elevation of privilege with user interaction required. Affected: Android 10–12. Exploitation would be local; no remote access indicated. The issue ...
CVE-2022-20228
CVE-2022-20228 affects Android (Android-12/12L) via use-after-free in C2DmaBufAllocator.cpp, causing memory corruption and potential remote information disclosure. Exploitation requires user interaction; no privileges are required beyond normal access. Mitigation: apply Android patch level 2022-0...
CVE-2023-20916
CVE-2023-20916 affects Android 12 and Android 12L. In the LauncherAppsService.getMainActivityLaunchIntent function, there is a reported bypass of restrictions on starting activities from the background due to a missing permission check. This could enable local elevation of privilege with no addit...
CVE-2023-20933
CVE-2023-20933 affects Google Android: a use-after-free in several MediaCodec.cpp functions can lead to memory corruption and local elevation of privilege without extra exploitation steps. Affected are Android 10–13 (including 12L/12). The issue is described as a memory corruption vulnerability i...
CVE-2023-21115
CVE-2023-21115: In Android, the vulnerability stems from a weakness in btm_sec_encrypt_change in btm_sec.cc that allows downgrading the link key type due to improper crypto, enabling paired-device elevation of privilege without user interaction. Affected: Android 11, 12, 12L. Status: remediation ...
CVE-2015-9016
CVE-2015-9016 : In the upstream Linux kernel, the use-after-free race in blk_mq_tag_to_rq (blk-mq.c) can occur when a request was already freed by blk_mq_complete_request . This race enables local escalation of privilege on affected systems, with the Android kernel explicitly mentioned as impacte...
CVE-2020-0110
CVE-2020-0110 affects the Android kernel, with the issue located in psi_write of psi.c. The flaw is an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation without required user interaction. The available documents do not specify exploit details, affected vers...
CVE-2021-39809
CVE-2021-39809 affects Android platforms (Android 10–12, including 12L). The issue resides in avrc_ctrl_pars_vendor_rsp within avrc_pars_ct.cc, where a missing bounds check leads to an out-of-bounds read. This can cause remote information disclosure without requiring user interaction or additiona...
CVE-2022-20223
CVE-2022-20223 affects Android (10–12/12L). Root cause: an obfuscated proxy in AppRestrictionsFragment.java (assertSafeToStartCustomActivity) may allow starting a phone call without required permissions, due to a confused deputy, enabling local elevation of privilege with no extra execution privi...
CVE-2022-20490
CVE-2022-20490 affects Android devices via the file AutomaticZenRule.java, with a vulnerability caused by resource exhaustion that can cause a failure to persist permissions settings. The impact is a local escalation of privilege, requiring local access with no additional execution privileges and...
CVE-2023-20932
CVE-2023-20932 affects Android 10–13 where, in the onCreatePreferences method of EditInfoFragment.java, improper input validation could allow reading contacts belonging to other users. This is an information-disclosure vulnerability with local access and no required user interaction. The issue is...
CVE-2023-40140
CVE-2023-40140: Android component android_view_InputDevice_create (android_view_InputDevice.cpp) has a use-after-free vulnerability that can lead to arbitrary code execution and local escalation of privilege. Impact is local, with no user interaction required. The Android Security Bulletin notes ...
CVE-2020-0429
CVE-2020-0429 affects the Android/Linux kernel in the l2tp_core.c path, specifically the l2tp_session_delete and related functions. The vulnerability enables memory corruption via a use-after-free, which could allow local privilege escalation to SYSTEM. Exploitation is described as local with no ...
CVE-2021-0318
CVE-2021-0318 affects Android and is tied to SensorEventConnection.cpp, where a use-after-free can cause an out-of-bounds write. This leads to local escalation of privilege with no extra execution privileges required and no user interaction. Documented impact covers Android versions 8.1, 9, 10, a...
CVE-2021-39635
CVE-2021-39635 concerns Unisoc’s ims_ex, a vendor system service used to manage VoLTE on Android devices. The root cause is that ims_ex does not verify the caller’s permissions, allowing normal apps without phone permissions to access VoLTE‑sensitive information and to manage VoLTE calls. Various...
CVE-2021-39804
CVE-2021-39804 describes a DoS in Google Android, caused by a missing null check in the reinit path of HeifDecoderImpl.cpp. The flaw can allow a remote persistent denial of service in the file picker with user interaction required and no extra privileges. Affected products/versions include Androi...
CVE-2023-20919
CVE-2023-20919 affects Android 13 (Settings.java: getStringsForPrefix). A logic error could prevent package uninstallation, enabling local elevation of privilege with no user interaction. CVSS v3.1: Local attacker, low privileges, no user interaction, high confidentiality/ integrity/ availability...
CVE-2023-20941
CVE-2023-20941 : In the Android kernel, the function acc_ctrlrequest_composite in f_accessory.c has an out-of-bounds write due to a missing bounds check. This could enable elevation of privilege with user interaction required. The impact is reported as a physical escalation of privilege with high...
CVE-2023-21110
The CVE 2023-21110 entry documents an elevation-of-privilege in Android related to SnoozeHelper.java, enabling a local attacker to gain notification access due to resource exhaustion. Affected products include Android 11, 12, and 12L/13, with a local-exploit path that does not require user intera...
CVE-2021-0339
CVE-2021-0339 is an Android elevation-of-privilege issue found in WindowContainer.java loadAnimation, enabling a malicious app to remain visible while another app is foregrounded. This could allow local privilege escalation with no extra execution privileges; user interaction is required to explo...
CVE-2022-20396
CVE-2022-20396 affects SettingsActivity.java on Android 12L and 13, where a permissions bypass could allow a device to be discovered over Bluetooth without user interaction or required permissions. This enables local elevation of privilege with no additional execution privileges needed, and explo...
CVE-2022-20482
CVE-2022-20482 affects Android 12, 12L, and 13, specifically the NotificationManager.java createNotificationChannel path. The vulnerability stems from a resource exhaustion condition that can be triggered locally, without user interaction, to make the device unusable and potentially require a fac...
CVE-2022-20497
CVE-2022-20497 описывает возможность локального раскрытия информации через неправильное состояние в методе updatePublicMode в NotificationLockscreenUserManagerImpl.java на Android 12–13 (Android-12, Android-12L, Android-13). Уязвимость связана с тем, что в результате некорректного перехода состоя...
CVE-2023-20956
The CVE-2023-20956 entry affects Android 12–13 and is due to an out-of-bounds write in C2SurfaceSyncObj.cpp caused by a missing bounds check. This leads to potential local information disclosure with System-level privileges required; exploitation does not require user interaction. Public referenc...
CVE-2023-21088
The CVE affects Android (Android-12, Android-12L, Android-13) via a logic error in LocationProviderManager.java’s deliverOnFlushComplete, enabling bypass of background activity launch restrictions and leading to local elevation of privilege without extra privileges or user interaction. Affected c...
CVE-2023-40122
CVE-2023-40122 : Affected component is Android’s SaveUi.java (applyCustomDescription). The issue enables a confused deputy to disclose another user’s images via local information disclosure, requiring no additional execution privileges and no user interaction. This is a local vulnerability; no re...
CVE-2021-0870
CVE-2021-0870 describes a memory corruption race condition in RW_SetActivatedTagType (rw_main.cc) that could allow remote code execution with no privileges required and no user interaction. Affected: Android 9, 10, 11, and 8.1. CVSSv3 base score 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Public r...
CVE-2021-39805
The CVE-2021-39805 issue affects Android 12/12L where the l2cble_process_sig_cmd function in l2c_ble.cc may trigger an out-of-bounds read due to a missing bounds check, enabling remote information disclosure over Bluetooth without user interaction. Available details indicate the vulnerability exi...
CVE-2022-20496
CVE-2022-20496 affects Android’s media framework via a vulnerability in the setDataSource function of initMediaExtractor.cpp. The issue is caused by a use-after-free, which could allow arbitrary code execution and/or local information disclosure without user interaction. Affected products include...
CVE-2023-20922
CVE-2023-20922 affects Android 11–13 and targets the Java function PackageManagerService.setMimeGroup, where a crash loop caused by resource exhaustion can lead to a local DoS without user interaction. The vulnerability arises from a resource exhaustion condition in the setMimeGroup path; the imp...
CVE-2023-20929
CVE-2023-20929 involves an information disclosure in Android 13 where the method sendHalfSheetCancelBroadcast in HalfSheetActivity.java can leak nearby Bluetooth MAC addresses via an unrestricted broadcast intent. This enables local information disclosure without extra execution privileges or use...
CVE-2023-21124
CVE-2023-21124 affects the Android System component. It describes an elevation of privilege via unsafe deserialization in the execution of multiple files, with local exploitability and no user interaction. The vulnerability is listed for Android 11–Android 13 (AOSP updated versions 11, 12, 12L, 1...
CVE-2023-21129
CVE-2023-21129 affects Android 11–13 and is described as a BAL bypass in getFullScreenIntentDecision within NotificationInterruptStateProviderImpl.java, enabling a possible activity launch when the app is in the background and potentially allowing local elevation of privilege with no extra execut...
CVE-2023-40120
CVE-2023-40120 is an Android elevation-of-privilege issue caused by improper input validation in multiple locations that bypasses user notification of foreground services. The vulnerability enables local escalation of privilege with no user interaction and is exploitable with local access. Public...
CVE-2024-40677
CVE-2024-40677 concerns the Android shouldSkipForInitialSUW path in AdvancedPowerUsageDetail.java. The issue enables bypassing factory reset protections via a missing permission check, enabling local elevation of privilege with no extra execution privileges required and no user interaction needed...
CVE-2024-43770
CVE-2024-43770 stems from a missing bounds check in the Bluetooth GATT server path (gatts_process_find_info in gatt_sr.cc), causing an out-of-bounds write. This can enable remote code execution on Android devices with no user interaction and without extra privileges. The issue is classified as a ...
CVE-2017-7375
CVE-2017-7375 describes a flaw in the libxml2 parser that allows remote XML entity inclusion when default parser flags are used (no substitution/validation/DTD loading). This XXE can cause access to local files or remote resources (HTTP/FTP) depending on context, potentially expanding the attacke...
CVE-2019-2177
CVE-2019-2177 affects Android 7.1.1–9 (HidProfile.java, isPreferred) where a permissions bypass can cause device type confusion in the System component, enabling remote code execution. The issue is described as a possible RCE with user interaction required for exploitation. The Android Security B...
CVE-2020-0081
CVE-2020-0081 is a local-elevation vulnerability in the Android Framework (AssetManager.java) caused by a double-free leading to memory corruption. Affected: Android 8.0–10; exploit requires local access with no user interaction. Exploitation status is not detailed in the provided documents. Reme...
CVE-2021-0646
CVE-2021-0646 affects Android via an out-of-bounds write in sqlite3_str_vappendf (sqlite3.c) caused by improper input validation. This could enable local privilege escalation if an attacker can inject a printf into a privileged process' SQL; exploitation does not require user interaction. Android...
CVE-2021-39616
CVE-2021-39616 affects Android via the Unisoc component sprd-vowifi; listed as High severity in the 2022-02-05 Android bulletin under Unisoc components. The provided documents do not include exploit details or a specific patched version. No root-cause or impact outside the stated classification i...
CVE-2021-39658
CVE-2021-39658 concerns the ismsEx service (Unisoc Android) which extends the SMS system service. The vulnerability arises because ismsEx does not enforce caller permissions, leading to permission leaks. This allows third‑party apps to arbitrarily modify and set system properties. Reports in conn...
CVE-2021-39808
In CVE-2021-39808, the issue is in Android’s PreferencesHelper.java within createNotificationChannelGroup, where improper input validation can allow a service to run in the foreground without a user notification. This enables local elevation of privilege on Android 10–12, with no additional execu...