8153 matches found
CVE-2023-40642
CVE-2023-40642 concerns a missing permission check in Messaging that could allow local information disclosure without requiring additional execution privileges. The available sources consistently describe the issue as a permissions check gap in Messaging, enabling access to sensitive information ...
CVE-2023-42634
CVE-2023-42634 concerns a vulnerability in the validationtools component. The issue is a missing permission check that can allow local information disclosure without requiring additional execution privileges. Documents consistently describe it as a local information disclosure risk without specif...
CVE-2023-42635
Technical details about CVE-2023-42635 are not publicly provided in the supplied documents; monitor for updates.
CVE-2023-42645
The CVE-2023-42645 entry concerns a missing permission check in the sim service that allows writing permission usage records, leading to local information disclosure without extra execution privileges. Public data (NVD) assigns LOCAL attack vector, LOW privileges required, and HIGH confidentialit...
CVE-2023-42750
CVE-2023-42750 affects the gnss service in UNISOC chipsets, caused by a missing bounds check that enables a local out-of-bounds write. This can lead to local denial of service and requires System execution privileges. Available connected sources corroborate the same root cause and impact across m...
CVE-2023-52351
The CVE-2023-52351 issue affects the ril service in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local denial of service with System execution privileges required. Affected component: ril service (UNISOC). Impact is described as local D...
CVE-2024-20119
The CVE-2024-20119 issue is in MediaTek’s mms component and stems from an incorrect bounds check causing an out-of-bounds write. This can lead to local escalation of privilege with SYSTEM execution privileges required; no user interaction is needed. Patch ID ALPS09062301; Issue ID MSV-1620 is ref...
CVE-2024-20136
CVE-2024-20136 describes a potential out-of-bounds read in the component named “da” due to a missing bounds check, which could lead to local information disclosure without requiring user interaction. The impact is limited to confidentiality (high) with no indicated impact on integrity or availabi...
CVE-2026-0076
CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...
CVE-2014-9789
The CVE-2014-9789 issue affects the Qualcomm arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c code in Android on Nexus 5 prior to the 2016-07-05 patch level. The vulnerability stems from insufficient validation of parameters in the (1) alloc and (2) free APIs, enabling a crafted application to gain priv...
CVE-2014-9792
CVE-2014-9792 overview (normal mode) Affected software: Android on Nexus 5 devices (qualcomm components) prior to the 2016-07-05 patch. What is vulnerable: arch/arm/mach-msm/ipc_router.c in Qualcomm components contains an incorrect integer data type. Root cause: the mismatch/incorrect integer typ...
CVE-2014-9799
CVE-2014-9799 concerns Android on Nexus 5 and 7 (2013) devices before 2016-07-05, where a Qualcomm makefile omits -fno-strict-overflow, potentially enabling local privilege escalation via crafted apps that exploit incorrect compiler optimization of an integer-overflow protection mechanism. The is...
CVE-2014-9889
CVE-2014-9889 affects Android on Nexus 5, where drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c does not validate CPP frame messages, enabling privilege escalation via a crafted app. Root cause: lack of CPP frame message validation in Qualcomm component. Impact stated: attacker could gai...
CVE-2014-9898
CVE-2014-9898 affects Android on Nexus 5 and Nexus 7 (2013) devices due to a flaw in arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c where input parameters are not properly validated. This enables a crafted application to obtain sensitive information. The issue is associated with Android internal bug ...
CVE-2014-9962
Technical details about CVE-2014-9962 are not publicly available in the provided connected documents. The initial description notes a DRM provisioning command parsing issue in CAF Android with the Linux kernel, but no specifics on affected versions, impact, or fixes are provided. Monitor for upda...
CVE-2015-3829
CVE-2015-3829 is an Android Stagefright vulnerability caused by an off-by-one error in MPEG4Extractor::parseChunk (libstagefright) that can allow remote code execution or memory corruption via crafted MPEG-4 covr atoms with size SIZE_MAX. Affected software: Android versions prior to 5.1.1 LMY48I....
CVE-2015-3831
CVE-2015-3831 affects Android mediaserver, specifically the BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp. The readAt function may overflow a buffer when processing data provided by another application, leading to memory corruption and potential code execution within the medias...
CVE-2015-3843
The CVE-2015-3843 entry concerns the Android SIM Toolkit (STK) framework prior to 5.1.1 LMY48I. Affected component: STK within Android, related to com/android/internal/telephony/cat/AppInterface.java (internal bug 21697171). Impact: an unprivileged app can intercept or emulate unspecified Telepho...
CVE-2015-3863
CVE-2015-3863 affects the Android Keystore component: multiple integer overflows in the Blob class (keystore/keystore.cpp) allow an app that uses a crafted blob in an insert operation to execute arbitrary code and read arbitrary Keystore keys. Affected: Android versions prior to 5.1.1 (LMY48M). R...
CVE-2015-3878
The CVE-2015-3878 issue affects the Media Projection component in Android 5.x (before 5.1.1 LMY48T) and Android 6.0 (before the 2015-10-01 patch). A vulnerability arises when an application uses an excessively long name, which can bypass the screen-recording warning and allow a local attacker to ...
CVE-2015-8073
CVE-2015-8073 concerns the Android mediaserver. The connected sources confirm a memory-corruption vulnerability in mediaserver that affects Android 4.4 and 5.1 prior to 5.1.1 LMY48X, with remote code execution or denial of service possible via a crafted media file. The root cause is described as ...
CVE-2015-8951
Technical details are not publicly available in the provided connected documents. The CVE entry mentions use-after-free in the Qualcomm sound driver affecting Nexus devices, but no concrete vendor/version/fix details are supplied here. Monitor for updates.
CVE-2015-9007
Technical details for CVE-2015-9007 are not publicly available in the provided documents. No specifics on affected components, root cause, impact, or remediation are provided here. Monitor for updates.
CVE-2015-9008
CVE-2015-9008 is an elevation-of-privilege vulnerability in Qualcomm closed‑source components used by Android kernel (Android ID A-36384689). The issue is described as a privilege escalation in Qualcomm components; no public exploitation details are provided in the connected docs. Remediation is ...
CVE-2015-9012
CVE-2015-9012 describes an elevation of privilege in Qualcomm closed‑source components within Android, affecting the Android kernel. The linked records consistently identify the issue as a privilege escalation vulnerability in Qualcomm components used by Android devices, with no public exploit de...
CVE-2015-9030
CVE-2015-9030 describes an authentication bypass in Android CAF builds that use the Linux kernel, via misused Hypervisor API. Affected: Android devices with CAF/Linux Kerenel stack; vulnerable component: Hypervisor API. Root cause: improper handling of Hypervisor API calls enabling bypass of auth...
CVE-2015-9037
Summary: CVE-2015-9037 refers to a buffer over-read/overflow in Qualcomm closed-source components used in Qualcomm-based Android devices with CAF/Linux kernel, specifically in the downlink 3G NAS message processing. The vulnerability could allow a remote attacker to execute arbitrary code or caus...
CVE-2015-9042
Technical details about CVE-2015-9042 are not publicly available in the connected documents. The description notes a buffer overflow in Qualcomm CAF Android/Linux QMI processing, but no specific fixes or affected versions are provided here; monitor for updates.
CVE-2015-9048
CVE-2015-9048 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel, where the vulnerability is in the processing of lost RTP packets due to input validation issues. The CNVD entry describes an unauthorized operation possibility as the impact. The provided documen...
CVE-2015-9053
CVE-2015-9053 describes a buffer overflow in Qualcomm-provided components used in Android CAF builds on devices with the Linux kernel, specifically in the processing of USIM responses. The vulnerability is located in Qualcomm closed-source components integrated in Android, and the issue could all...
CVE-2015-9070
CVE-2015-9070 describes a buffer over-read vulnerability in the TrustZone syscall of Qualcomm closed-source components used in Android builds (CAF Linux kernel). The issue affects Qualcomm components within Android devices that rely on CAF Linux kernels and TrustZone. The root cause is a buffer o...
CVE-2015-9072
CVE-2015-9072 is described as an untrusted pointer dereference in a Qualcomm TrustZone syscall affecting Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is rated with high/critical impact in CVSS terms (network access, no auth, user interaction not required; co...
CVE-2016-0813
CVE-2016-0813 concerns the Android Setup Wizard: AlternateRecentsComponent.java in Setup Wizard on Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check device provisioning, allowing physically proximate attackers to bypass Factory Reset Protection and delete data vi...
CVE-2016-0844
The CVE-2016-0844 issue affects the Qualcomm RF driver in Android 6.x prior to 2016-04-01. The underlying flaw is improper restriction of socket ioctl calls, enabling a local attacker with a crafted app to execute code with kernel context privileges (privilege escalation). This vulnerability is l...
CVE-2016-10237
CVE-2016-10237 concerns Android/CAF Linux kernel handling of shared content protection memory, passed as the secure camera memory buffer to a trusted application (TA). The description indicates the TA would not detect the issue and would treat the shared memory as secure, reflecting a mislabeling...
CVE-2016-11031
The CVE-2016-11031 entry applies to Samsung mobile devices running Android KK/4.4, L/5.0–5.1, and M/6.0. It involves the AntService component, where an issue can cause the system_server to crash and reboot. Connected sources corroborate the same affected platform and impact; no explicit exploit d...
CVE-2016-11032
CVE-2016-11032 affects Samsung mobile devices running Android 6.0 (Marshmallow); an input-validation error allows an unprotected broadcast intent to disable all Sound functionality. The issue is described across multiple sources (e.g., RH and CNVD) as enabling attackers to silence device audio vi...
CVE-2016-2410
CVE-2016-2410 is a local privilege-escalation vulnerability in the Qualcomm video kernel driver used by Android 6.x. The issue allows a crafted app that gains control over a service capable of invoking the driver to elevate privileges due to an internal bug (26291677). The Android security bullet...
CVE-2016-2415
Technical details for CVE-2016-2415 are not publicly provided in the supplied documents. The available records summarize an information-disclosure vulnerability in Exchange ActiveSync/Autodiscover without specifics on affected products, versions, root cause, or fixes. Monitor for updates.
CVE-2016-2420
CVE-2016-2420 affects Android 4.x up to before 4.4.4, where the Debuggerd component fails to ensure the /data/tombstones directory exists via rootdir/init.rc. This can allow a crafted local app to gain privileges and potentially execute arbitrary code, enabling elevation of privilege from system ...
CVE-2016-2437
CVE-2016-2437 concerns the NVIDIA video driver in Android on Nexus 9 devices. The issue allows a locally executed, crafted application to gain privileges and execute code in the kernel context due to an internal bug (27436822). Public description confirms local privilege escalation with high impa...
CVE-2016-2470
CVE-2016-2470 concerns the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) prior to 2016-06-01. A crafted app could grant privileges via the Wi‑Fi driver, i.e., a local elevation of privilege vulnerability. The Android 2016-06-01 security bulletin notes a patch level of June 01, 2016 or later;...
CVE-2016-2471
The CVE-2016-2471 entry concerns the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) devices prior to 2016-06-01. A crafted application can cause privilege escalation by abusing the Qualcomm Wi‑Fi driver, enabling local code execution with kernel privileges. The Android 2016-06-01 security bul...
CVE-2016-2481
CVE-2016-2481 affects the mm-video-v4l2 venc component in Android Mediaserver. It arises from how Mediaserver mishandles a buffer count, enabling a local attacker to gain privileges (Signature or SignatureOrSystem) via a crafted app. Affected are Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1....
CVE-2016-2486
CVE-2016-2486 affects Android Mediaserver’s libstagefright component (mp3dec/SoftMP3.cpp). The flaw stems from not validating the relationship between allocated memory and the frame size, enabling memory corruption that can be exploited by a crafted Android app to gain privileges (Signature or Si...
CVE-2016-2492
The CVE-2016-2492 entry describes an elevation-of-privilege in the MediaTek power-management driver on Android devices prior to 2016-06-01, specifically affecting Android One. A local attacker could exploit a crafted application to gain kernel-level privileges. The Android 2016-06-01 security bul...
CVE-2016-3771
The CVE-2016-3771 entry concerns privilege escalation in MediaTek drivers on Android One devices running before 2016-07-05. The root cause is a vulnerability in the MediaTek driver stack that can be exploited by a specially crafted application to gain elevated privileges within the device, aligne...
CVE-2016-3796
CVE-2016-3796 covers an elevation-of-privilege vulnerability in the MediaTek power driver present on Android One devices prior to 2016-07-05. A local attacker could exploit a crafted application to gain privileged execution within the kernel. Public details in the 2016-07-01/07-05 Android bulleti...
CVE-2016-3802
CVE-2016-3802: Privilege-escalation in the Android kernel file system (Nexus 9) due to a fault in the kernel file system implementation. Local attacker could gain privileges via a crafted app. Exploitation status not provided in the documents. The issue is listed in the 2016-07-01/07-05 Android s...
CVE-2016-3808
The CVE-2016-3808 issue affects the Android SPI driver on Pixel C devices, where the SPI driver allows a crafted application to escalate privileges. The root cause is an elevation-of-privilege flaw in the serial peripheral interface driver, reported as internal bug 28430009. Public sources descri...