CVE-2020-27038

In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154302257

CVE-2020-27097

In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-14072...

CVE-2020-35548

An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).

CVE-2021-0347

In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: A...

CVE-2021-0375

In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2021-0386

In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110

CVE-2021-0416

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.

CVE-2021-0417

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

CVE-2021-0450

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1751...

CVE-2021-0454

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117...

CVE-2021-0491

In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid I...

CVE-2021-0528

In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195266

CVE-2021-0610

In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456.

CVE-2021-0615

In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.

CVE-2021-0619

In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.

CVE-2021-0624

In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.

CVE-2021-0665

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.

CVE-2021-0666

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.

CVE-2021-0668

In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521.

CVE-2021-1039

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android...

CVE-2021-25408

A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.

CVE-2021-25409

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.

CVE-2021-25450

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

CVE-2021-25451

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

CVE-2021-25471

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.

CVE-2021-25486

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

CVE-2021-25502

A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.

CVE-2021-25513

An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.

CVE-2022-20022

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User ...

CVE-2022-20308

In hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-...

CVE-2022-26428

In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260.

CVE-2022-38675

In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-39122

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-44420

In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges.

CVE-2022-44421

In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure.

CVE-2022-47353

In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed

CVE-2022-48232

In FM service , there is a possible missing params check. This could lead to local denial of service in FM service .

CVE-2022-48238

In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

CVE-2022-48386

the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed.

CVE-2022-48443

In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

CVE-2022-48451

In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.

CVE-2023-20627

In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585.

CVE-2023-20658

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.

CVE-2023-20665

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604.

CVE-2023-20689

In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741.

CVE-2023-20707

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556.

CVE-2023-20723

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845.

CVE-2023-20750

In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.

CVE-2023-20822

In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.

CVE-2023-20833

In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764.