8153 matches found
CVE-2020-0343
CVE-2020-0343 affects Android 11, specifically the NetworkStatsService. Root cause: a missing permission check allows access to protected data, enabling local information disclosure with no extra execution privileges. Exploitation prerequisites: none (user interaction not required). Impact (as st...
CVE-2020-0362
CVE-2020-0362 affects Android 11 and targets the libstagefright component. The issue is a resource exhaustion vulnerability caused by improper input validation, leading to a remote denial of service. Exploitation requires user interaction and is delivered over a network, with the CVSS v3.1 vector...
CVE-2020-0428
CVE-2020-0428 describes a race-condition in CamX code that enables a use-after-free vulnerability, leading to local escalation of privilege to SYSTEM level with no user interaction. Affected software is Android kernel camera components (CamX). The NVD entry lists CVSS2 as 4.4 (LOCAL, MEDIUM) and ...
CVE-2020-0474
CVE-2020-0474 affects Android 11 in the Media framework (HalCamera.cpp, HalCamera::requestNewFrame). It is a use-after-free due to a race condition, enabling local elevation of privilege with no extra execution privileges required. Exploitation is local and does not require user interaction. NVD ...
CVE-2020-0483
CVE-2020-0483 affects DrmManagerService in Android-11. The issue is a memory corruption via a use-after-free in the DrmManagerService destructor (DrmManagerService.cpp), enabling local elevation of privilege with System execution privileges required. User interaction is not needed. The descriptio...
CVE-2020-0486
CVE-2020-0486 affects Android 11 (ContactsProvider2.java) via openAssetFileListener, where an insecure default value enables a permission bypass. This can allow local escalation of privilege to modify contact data with no additional execution privileges and no user interaction. The issue is ackno...
CVE-2020-10837
The CVE-2020-10837 vulnerability affects Samsung mobile devices running P(9.0) and Q(10.0) with TEEGRIS. The issue resides in the Esecomm Trustlet, enabling a stack overflow that can lead to arbitrary code execution. Affected software/component: Esecomm Trustlet within Samsung TEEGRIS on P9.0/Q10...
CVE-2020-10840
Summary: CVE-2020-10840 describes a kernel pointer leak in the vipx driver affecting Samsung mobile devices with Exynos 9610 (P9.0 and Q10.0). The Samsung internal ID is SVE-2019-16293 (February 2020). The Red Hat entry reiterates the same description. What is affected: Samsung mobile devices wit...
CVE-2020-10846
CVE-2020-10846 affects Samsung mobile devices with P(9.x) and Q(10.x) software. The issue enables OEM unlock on KG-enrolled devices, potentially allowing download of unwanted binaries. Samsung ID: SVE-2019-16554. No explicit remediation or exploitation details are provided in the connected docume...
CVE-2020-10854
CVE-2020-10854 concerns information disclosure on Samsung mobile devices running O(8.x), P(9.0), or Q(10.0) software, where kernel stack addresses are leaked to userspace. The issue affects the kernel exposure path and is classified with a high impact in CVSS 3.1 (base score 7.5) and medium in CV...
CVE-2020-11604
CVE-2020-11604 affects Samsung mobile devices running P (9.0) and Q (10.0) with TEEGRIS; the issue is an out-of-bounds read in the MLDAP Trustlet. Connected records confirm the vulnerability details and Samsung’s reference ID SVE-2019-16565. Impact details across sources indicate leakage of infor...
CVE-2020-15578
The CVE-2020-15578 entry concerns Samsung mobile devices running O(8.x) software where the FactoryCamera component does not properly restrict runtime permissions. Affected software is described as Samsung devices with that Android/OS lineage; the root cause is the improper permission restriction ...
CVE-2020-15581
CVE-2020-15581 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is in the kernel logging feature, which can allow attackers to discover virtual addresses via vectors involving shared memory. The reported impact is partial disclosure of data (confidentiality impact) wi...
CVE-2020-15582
Summary of CVE-2020-15582 : A BLE buffer overflow issue was reported on Samsung mobile devices running P (9.0) and Q (10.0) on Exynos 7885, leading to a deadlock or crash in the Bluetooth Low Energy component. The Samsung internal ID is SVE-2020-16870 (July 2020). Connected documents confirm the ...
CVE-2020-25050
CVE-2020-25050 affects Samsung mobile devices running P(9.0) and Q(10.0). The issue is in the CMC service, which can allow attackers to obtain sensitive information. Affected component is the CMC service on Samsung Android builds; root cause details are not fully disclosed in the provided documen...
CVE-2020-25056
CVE-2020-25056 affects Samsung mobile devices on Q(10.0) (Galaxy S20). Root cause: HAL version checks mishandled bootloading by the S.LSI NFC chipset. Impact: potential security impact described as improper checks; no exploit details provided in the documents. Affected component: HAL in Samsung A...
CVE-2020-25062
CVE-2020-25062 describes a privilege-bypass in LGTelephonyProvider on LG Android devices (9/10). Affected product: LG mobile devices running Android 9–10; root cause: bypass of intended privilege restrictions in LGTelephonyProvider (LG internal ID LVE-SMP-200017). Impact is reported as high to cr...
CVE-2020-27035
CVE-2020-27035 : In Android’s media stack, specifically in priorLinearAllocation() of C2AllocatorIon.cpp, there is a possible use-after-free caused by improper locking. This can lead to local information disclosure in the media codec without additional execution privileges. Affected: Android-11. ...
CVE-2020-27038
CVE-2020-27038 affects Android 11 with a memory-leak in C2SoftVorbisDec.cpp that can exhaust memory and cause remote denial of service. Exploitation requires user interaction; no explicit exploit details are provided in the connected documents. The available sources confirm the DoS impact and the...
CVE-2020-27051
CVE-2020-27051 is an out-of-bounds write caused by an integer overflow in NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc. Affects Android 11; the privilege impact is local with partial confidentiality/integrity/availability, and exploitation requires user interaction. CVSSv3.1 base score 7.8 (HIGH...
CVE-2020-27097
CVE-2020-27097 affects Android 11. The vulnerability exists in UriGrantsManagerService.java (checkGrantUriPermission), enabling a local information disclosure without additional exploitation privileges or user interaction. Concrete impact documented as a permissions bypass that could expose parti...
CVE-2021-0348
The CVE-2021-0348 issue affects Android’s vpu as reported in multiple sources. A missing bounds check enables an out-of-bounds write, leading to local escalation of privilege with System execution privileges required. Impact is noted for Android-9, Android-10, and Android-11. No user interaction ...
CVE-2021-0349
The CVE-2021-0349 entry concerns the Android display driver. A use-after-free in the display driver could cause memory corruption, enabling local privilege escalation with System privileges required for exploitation. No user interaction is needed. Affected products/versions include Android 9–11. ...
CVE-2021-0353
CVE-2021-0353 affects Android 11 via a heap buffer overflow in the kisd component, causing a memory corruption vulnerability. The root cause is heap-based memory corruption leading to local escalation of privilege, requiring system-level privileges for impact; exploitation is described as not req...
CVE-2021-0358
In netdiag, a command-injection flaw exists due to improper input validation. This could enable local escalation to System privileges on Android devices (Android-10/Android-11) with no user interaction required. The issue is described across multiple sources (e.g., NVD/Red Hat) and is associated ...
CVE-2021-0386
CVE-2021-0386 affects Android 11 in the UsbConfirmActivity onCreate, enabling a tapjacking vector due to an insecure default value. The vulnerability could allow local escalation of privilege with user interaction required for exploitation (ATT&CK: Local, UI: Required). The issue is documented ac...
CVE-2021-0414
The CVE-2021-0414 entry relates to MediaTek’s flv extractor, where a heap buffer overflow can cause an out-of-bounds read. This may lead to local information disclosure without requiring user interaction. The available patch/issue identifiers are ALPS05561384 (Patch ID) and ALPS05561384 (Issue ID...
CVE-2021-0449
CVE-2021-0449 : In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data, leading to local information disclosure with System execution privileges required. The vulnerability affects the Titan M component as listed in Android kernel contexts; exploita...
CVE-2021-0452
The CVE-2021-0452 entry concerns the Titan M chip firmware. It describes a stack memory disclosure due to uninitialized data, enabling local information disclosure with system privileges required. Exploitation is described as local with no user interaction needed. The issue is tied to Android ker...
CVE-2021-0463
CVE-2021-0463 concerns Google Android’s kernel component where in convertToHidl (convert.cpp) an out-of-bounds read can occur due to uninitialized data from ReturnFrameworkMessage. This issue may disclose local information without extra execution privileges and requires user interaction to exploi...
CVE-2021-0464
CVE-2021-0464 affects the Android kernel component sound_trigger_event_alloc in platform.h, with a heap buffer overflow causing an out-of-bounds write that could lead to local privilege escalation without user interaction. The linked Red Hat/NVD entries confirm the issue and classify it as Elevat...
CVE-2021-0614
The CVE-2021-0614 entry concerns MediaTek’s asf extractor, where an out-of-bounds read results from an incorrect bounds check. This vulnerability may lead to local information disclosure without requiring user interaction or additional execution privileges. Affected reality is supported by source...
CVE-2021-0630
CVE-2021-0630 affects MediaTek WiFi driver components. The flaw is a missing bounds check in the wifi driver that can cause a system crash, enabling remote denial of service with no additional privileges or user interaction required. Several connected sources (NVD, Red Hat advisories, CVE registr...
CVE-2021-0632
CVE-2021-0632 describes an out-of-bounds read in the Mediatek wifi driver caused by a missing bounds check. The affected component is the wifi driver (Mediatek). Exploitation could enable remote information disclosure to a proximal attacker under certain build conditions, with no user interaction...
CVE-2021-0668
The CVE-2021-0668 entry refers to a memory corruption issue in the apusys component caused by incorrect error handling, enabling local privilege escalation to System level with no user interaction required. Patch ALPS05670521 (Issue ALPS05670521) is noted as a fix. Connected documents (e.g., Red ...
CVE-2021-0894
In CVE-2021-0894, the apusys component contains an out-of-bounds write due to a missing bounds check. This can enable local escalation of privilege to SYSTEM with no user interaction required. Patch ID ALPS05672107 and Issue ID ALPS05672038 are associated remediation details. Exploitation status ...
CVE-2021-25388
Samsung Knox Core CVE-2021-25388 is described as an improper caller check vulnerability that, in Knox Core prior to SMR MAY-2021 Release 1, could let a local attacker install arbitrary third‑party apps. Connected sources (NVD, Red Hat, CNNCVD/CVE lists) corroborate: local access, low complexity, ...
CVE-2021-25414
CVE-2021-25414 affects Samsung Contacts prior to SMR JUN-2021 Release 1. The underlying issue is improper sanitization of an incoming intent in Samsung Contacts, which enables a local attacker to copy or overwrite arbitrary files using Samsung Contacts privileges. The vulnerability implies local,...
CVE-2021-25450
CVE-2021-25450 describes a path traversal vulnerability in FactoryAirCommnadManger present before Samsung SMR Sep-2021 Release 1. An attacker could write files as the system UID via a remote socket by exploiting the vulnerable path handling in the component, leading to potential unauthorized file...
CVE-2021-25455
Summary: CVE-2021-25455 is an OOB read vulnerability in the libsaviextractor.so library, reported to affect the pre-SMR Sep-2021 Release 1. The available descriptions state that an attacker could access an arbitrary memory address via a forged AVI file, via a crafted input, with a local attack ve...
CVE-2021-25481
The CVE-2021-25481 entry concerns Samsung Exynos CPU (Exynos CP) booting driver. It reports improper error handling that allows local attackers to bypass the Secure Memory Protector of Exynos CP Memory prior to SMR Oct-2021 Release 1. Public references in the provided documents corroborate the ex...
CVE-2021-25482
CVE-2021-25482 refers to a SQL injection vulnerability in the CMFA framework, prior to Samsung SMR Oct-2021 Release 1. According to connected sources (NVD, Red Hat, CVE listings, PRION, CNNVD, and others), the issue allows an untrusted application to overwrite some CMFA framework information. The...
CVE-2021-25501
CVE-2021-25501 involves an improper access control flaw in SCloudBnRReceiver within the SecTelephonyProvider. The root cause allows an untrusted application to call some protected providers, with impact described as limited integrity impact and no confidentiality/availability impact per CVSS metr...
CVE-2021-25511
The CVE-2021-25511 issue affects Samsung FilterProvider prior to SMR Dec-2021 Release 1 and is described as an improper validation/path traversal vulnerability that enables an attacker to write arbitrary files. Documents consistently tie this to a path traversal flaw and do not provide exploit co...
CVE-2022-32644
CVE-2022-32644 concerns a race-condition-induced use-after-free in vow, leading to local escalation of privilege with System privileges required. Public documentation consistently describes the vulnerability as local, with no user interaction needed for exploitation. The primary impact is the pot...
CVE-2022-38688
CVE-2022-38688 : The telephony service contains a missing permission check that enables local information disclosure without additional execution privileges. The NVD entry assigns a CVSS v3.1 base score of 5.5 (Local exploit, Low complexity, Low privileges required; Confidentiality impact: High)....
CVE-2022-39122
The CVE-2022-39122 entry describes a vulnerability in a sensor driver where a missing bounds check can cause an out-of-bounds write, leading to local denial of service in the kernel. Connected sources reference Unisoc chipsets (e.g., SC9863A/SC9832E/SC7731E and related Android versions) and reite...
CVE-2022-44420
The CVE-2022-44420 entry describes a vulnerability in the UNISOC modem module where there is a missing verification of the HashMME value in the Security Mode Command, enabling local denial of service with no additional privileges. This is a local-access issue with impact on availability (HIGH) an...
CVE-2022-44422
CVE-2022-44422 affects the music service via a missing permission check, enabling local denial of service in the contacts service. The vulnerability is exploitable with local access and low privileges (UI:N, C:N, I:N, A:H; S:U). No public details on affected product versions or fixes are provided...
CVE-2022-47485
CVE-2022-47485 involves a possibly out-of-bounds write in the modem control device due to a missing bounds check. Public details consistently reference local denial of service with system execution privileges required. Affected component is the modem control device in UNISOC chipsets; exact affec...