8153 matches found
CVE-2020-35548
CVE-2020-35548 affects Finder on Samsung mobile devices running Q(10.0). The issue arises from calling a non-existent provider, which allows an attacker to cause a denial of service. Connected sources corroborate the same description; no explicit remediation or patch details are provided in the s...
CVE-2021-0347
The CVE-2021-0347 entry concerns the Android subsystem component “ccu,” where a missing bounds check enables an out-of-bounds read. This could permit local information disclosure with System privileges required, and would require user interaction to exploit. Affected products/versions explicitly ...
CVE-2021-0361
Technical details about CVE-2021-0361 are not publicly available in the provided connected documents. Monitor for updates; current sources reiterate the same vulnerable description without additional specifics.
CVE-2021-0410
CVE-2021-0410 affects MediaTek’s flv extractor. A faulty bounds check enables an out-of-bounds read that can disclose local information without extra privileges; user interaction is not required. The entry lists patch ALPS05561360 (Issue ALPS05561360). Connected records confirm the issue across m...
CVE-2021-0413
This CVE refers to the MediaTek flv extractor with an out-of-bounds read caused by a missing bounds check. The result is local information disclosure without requiring user interaction. No exploitation details are provided beyond this disclosure risk. A patch/ID is listed as ALPS05561379 (Issue I...
CVE-2021-0491
CVE-2021-0491 affects Android devices via a vulnerability in the memory management driver, specifically in the MTK/Multi-SoC ecosystem referenced in the 2021 Android security landscape. The issue is a missing permission check in the memory management driver, enabling local elevation of privilege ...
CVE-2021-0525
CVE-2021-0525 affects the Android memory management driver. The underlying issue is a use-after-free that enables an out-of-bounds write, leading to local escalation of privilege with no additional execution privileges required and no user interaction. Exploitation status is not detailed in the p...
CVE-2021-0529
CVE-2021-0529 affects MediaTek devices via the MTK memory management driver. The root cause is improper locking, leading to memory corruption and local escalation of privilege with no extra user interaction. Impact is described as local EoP with high severity (per CVSS metrics in sources). The co...
CVE-2021-0532
CVE-2021-0532 affects the Android memory management driver and is caused by a race condition that can lead to memory corruption and local escalation of privilege with no additional privileges or user interaction required. The description is consistent across multiple sources (NVD, Red Hat, CVE li...
CVE-2021-0611
CVE-2021-0611 affects the Mediatek m4u component, where a memory corruption due to a use-after-free condition can cause local escalation of privilege to SYSTEM, with no user interaction required. The entry notes a patch ID ALPS05403499 and an issue ID ALPS05425810 as fixes. Connected documents re...
CVE-2021-0626
CVE-2021-0626 describes a possible out-of-bounds write in ged due to a missing bounds check, potentially enabling local escalation of privilege to System level without user interaction. Multiple connected sources (NVD, Red Hat, CVE lists) confirm the same issue and reference Patch ID ALPS05687510...
CVE-2021-0662
The CVE-2021-0662 entry concerns MediaTek audio DSP with a local privilege-escalation flaw caused by an out-of-bounds write from an incorrect bounds check. Connected documents specify the affected MediaTek audio DSP hardware and firmware, including chip family (MT6779, MT6781, MT6785, MT68xx, MT6...
CVE-2021-0665
CVE-2021-0665 concerns the apusys subsystem. Affected component: apusys (likely MediaTek-based). Root cause: an out-of-bounds read caused by an incorrect bounds check. Impact: local information disclosure with system execution privileges required; no user interaction needed. Exploitation status i...
CVE-2021-0671
CVE-2021-0671 affects the apusys component, where a missing bounds check can cause memory corruption leading to local escalation of privilege with System execution privileges. Exploitation details are not provided in the documents; user interaction is not required. A patch is identified as ALPS05...
CVE-2021-25385
The CVE-2021-25385 entry concerns an input-validation flaw in the libsdffextractor library, specifically in the sdfffd_parse_chunk_PROP() function, which can lead to remote arbitrary code execution on the mediaextractor process. Connected sources confirm the issue affects SamsungLibsdffextractor ...
CVE-2021-25417
CVE-2021-25417 affects the SDP SDK prior to Samsung SMR JUN-2021 Release 1, where improper authorization allows access to internal storage. The vulnerability is documented across multiple sources (NVD entry; Red Hat advisory; PRION; CVE listing; CNNVD) with CVSS v3.1 base score 7.5 (Network, Low ...
CVE-2021-25430
CVE-2021-25430 is an improper access control vulnerability in a Bluetooth application, allowing untrusted apps to access Bluetooth information. Root cause: access-control failure in the Bluetooth component. Impact: confidentiality exposure at a LOW level (C:L) per CVSS3.1 (AV:A, AC:L, PR:N, UI:N,...
CVE-2021-25453
CVE-2021-25453 affects Samsung devices due to improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1. The vulnerability allows untrusted applications to obtain Bluetooth information. Connected sources indicate the issue originates from Bluetooth API access controls, with mitiga...
CVE-2021-25457
The CVE-2021-25457 report concerns a vulnerability in Samsung’s DSP driver prior to the SMR September 2021 Release 1. The issue is an improper input validation that allows a local attacker to obtain a limited amount of kernel memory information, affecting kernel memory confidentiality. Affected c...
CVE-2021-25474
Summary (CVE-2021-25474): Samsung SystemUI prior to SMR Oct-2021 Release 1 contains an improper exception handling for the multi_sim_bar_show_on_qspanel value, enabling a user‑device denial of service once a shell privilege is gained. The issue is triggered in SystemUI and results in a permanent ...
CVE-2021-25486
CVE-2021-25486 concerns an information-disclosure vulnerability in the Samsung ipcdump module, present before SMR Oct-2021 Release 1. The issue allows an attacker to detect device information by analyzing log-packet data. Documents describe vulnerable component (ipcdump) and impact as information...
CVE-2021-25502
CVE-2021-25502 relates to Samsung SMR (System Management Release) before the Nov-2021 Release 1, where sensitive data was stored insecurely in Property Settings, allowing a local attacker to read the ESN value without privileges. Affected product scope is Samsung SMR updates for Android/mobile de...
CVE-2022-26460
The CVE-2022-26460 issue affects the vow component (MediaTek vow) and arises from an incorrect bounds check that enables an out-of-bounds write. This could lead to local privilege escalation with system execution privileges required; no user interaction is needed for exploitation. The entry refer...
CVE-2022-32648
The CVE-2022-32648 entry describes a use-after-free due to a race condition in the disp component, enabling local privilege escalation with SYSTEM privileges and no user interaction. Multiple sources (NVD/Red Hat/PRION/CVE records) confirm the issue and the same patch identifier: ALPS06535964 (Is...
CVE-2022-36842
CVE-2022-36842 involves a heap-based overflow in the prepareRecogLibrary function of libSDKRecognitionText.spensdk.samsung.so on Samsung devices. Affected: libSDKRecognitionText.spensdk.samsung.so (pre-SMR Sep-2022 Release 1). Impact: memory access fault. Root cause: heap overflow in prepareRecog...
CVE-2022-39089
CVE-2022-39089 affects the mlog service, where a missing bounds check allows an out-of-bounds read. This can lead to local denial of service with SYSTEM privileges required. The public documents consistently describe the issue in the mlog service and the resulting impact, but do not provide concr...
CVE-2022-39092
CVE-2022-39092 concerns a missing permission check in the power management service. The vulnerability allows a local attacker with LOW privileges and NO user interaction to set up the power management service without additional execution privileges, yielding HIGH impact to confidentiality, integr...
CVE-2022-39116
The CVE-2022-39116 entry affects the sprd_sysdump driver, where a missing bounds check leads to an out-of-bounds write. The underlying issue can cause local denial of service in the kernel. Multiple sources (NVD, Red Hat, CVE listing) confirm the same description; exploitation details or in-the-w...
CVE-2022-39855
CVE-2022-39855 is a local-improper access-control vulnerability in the FACM application prior to Samsung SMR Oct-2022 Release 1. The issue allows a local attacker to connect to arbitrary AP and Bluetooth devices due to insufficient access controls in FACM. Affected context: Samsung mobile devices...
CVE-2022-39882
CVE-2022-39882 is a heap overflow in the sflacf_fal_bytes_peek function of the libsmat.so library, prior to Samsung SMR Nov-2022 Release 1. The vulnerability allows a local attacker to execute arbitrary code. Affected component is the libsmat.so library; the root cause is a heap overflow in the s...
CVE-2022-42764
The CVE-2022-42764 entry concerns a missing bounds check in the wlan driver, causing a local denial of service in wlan services. Connected sources corroborate the issue as affecting the UNISOC WLAN driver/ chipset with similar wording. The available documents specify the vulnerability but do not ...
CVE-2022-42781
CVE-2022-42781 concerns a missing bounds check in the WLAN driver, leading to local denial of service in WLAN services. The connected records identify the affected component as the WLAN driver (often referenced in UNISOC/UNISOC chipset contexts) and describe the vulnerability as an out-of-bounds ...
CVE-2022-47479
CVE-2022-47479 affects the telephony service. The root cause is a missing permission check, enabling local information disclosure without requiring additional privileges. CVSSv3.1 metrics indicate Local attack vector, Low attack complexity, Low privileges required, and Confidentiality impact High...
CVE-2022-48240
The CVE-2022-48240 entry concerns the UNISOC camera driver. Affected component: camera driver in UNISOC chipsets. Root cause: missing bounds check causing an out-of-bounds write. Impact: local denial of service with System execution privileges required; confidentiality/integrity are not affected ...
CVE-2022-48444
The CVE-2022-48444 entry concerns the telephony service with a missing permission check that could allow a local attacker to cause denial of service without additional execution privileges. This is supported by NVD and Red Hat records, which describe a local, low-privilege, unprivileged-access vu...
CVE-2022-48448
CVE-2022-48448 affects the telephony service and is associated with a missing permission check that could allow a local denial of service without elevating privileges. Across the provided sources (NVD, RH, CVE list, PRION, CNNVD, etc.), the core described impact is local DoS with no additional ex...
CVE-2022-48451
CVE-2022-48451 affects Unisoc Bluetooth service. The issue is a race-condition leading to an out-of-bounds write, enabling local denial of service with System execution privileges. Documents consistently describe the vulnerability as a local issue in the Bluetooth service, without publicly disclo...
CVE-2023-20670
The CVE-2023-20670 entry describes a local out-of-bounds write in audio caused by a missing bounds check, enabling local escalation to System execution privileges without user interaction. The vulnerability is associated with MediaTek audio components and is tied to patch ALPS07648710 (Issue ALPS...
CVE-2023-20680
The connected documents confirm CVE-2023-20680 affects the adsp component and describes an out-of-bounds write caused by improper input validation. This can enable local escalation of privilege with system execution privileges, and exploitation does not require user interaction. The public fix re...
CVE-2023-20693
Summary (CVE-2023-20693) In MediaTek wlan firmware, an uncaught exception can cause a system crash, leading to a remote denial of service without user interaction. The NVD entry lists a network exploit vector with no privileges required and no user interaction, and a high impact to availability. ...
CVE-2023-20787
MediaTek thermal module vulnerability CVE-2023-20787 is a use-after-free caused by a race condition in the thermal management code. It could allow local escalation to SYSTEM privileges without user interaction. Patch ALPS07648734 is noted; no exploitation details are provided in the sources. Refs...
CVE-2023-20808
CVE-2023-20808 affects OPTEE on MediaTek chipsets. The vulnerability is an out-of-bounds write caused by a missing bounds check in OPTEE, enabling local escalation of privileges with System execution privileges required and no user interaction needed. Exploitation status is not detailed in the pr...
CVE-2023-20825
In duraspeed, a missing permission check enables local information disclosure without extra execution privileges or user interaction. Affected component/feature is unspecified in the provided details, and the vulnerability is linked to patch ALPS07951402 (Issue ALPS07951413). Exploitation is desc...
CVE-2023-21340
The CVE-2023-21340 entry describes an information-disclosure vulnerability in the Telecomm component of Android, caused by a missing permission check that allows local access to the call state without extra privileges or user interaction. Exploitation is local and does not require user action; CV...
CVE-2023-33889
CVE-2023-33889 describes a missing permission check in the telephony service that permits local information disclosure with no extra privileges. The NVD entry reports a CVSS v3.1 base score of 5.5 (LOCAL, LOW attack complexity, LOW privileges required, no user interaction, HIGH confidentiality im...
CVE-2023-33903
CVE-2023-33903 affects the FM service and is caused by a missing parameter check, enabling local denial of service with system execution privileges needed. Multiple connected sources corroborate a local impact and privilege requirement, with exploitation details not provided in the supplied docum...
CVE-2023-38468
CVE-2023-38468 documents a vulnerability in the urild service where a missing bounds check enables an out-of-bounds write. The consequence is local denial of service with System execution privileges needed. Public sources describe similar terms across multiple feeds (NVD/Red Hat/CVE records). Aff...
CVE-2023-40634
The CVE-2023-40634 entry describes a local privilege escalation in phasechecksercer/phasecheckserver due to a missing permission check. The impact is local with no additional execution privileges required, but the provided documents do not specify affected products, versions, exploit details, or ...
CVE-2023-40643
CVE-2023-40643 affects the Messaging component. The root cause is a missing permission check, which could allow local information disclosure without requiring additional execution privileges. The CVSS details indicate a Local attack vector, Low attack complexity, Privileges required: Low, with Co...
CVE-2023-40650
CVE-2023-40650 affects the Telecom service and is caused by a missing permission check that can allow local information disclosure without requiring additional execution privileges. Public information in connected sources confirms the issue and its impact, but does not provide product/version spe...