8153 matches found
CVE-2020-11603
CVE-2020-11603 affects Samsung mobile devices running P(9.0) and Q(10.0) that include TEEGRIS. The issue is a type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The vulnerability is identified by Samsung as SVE-2020-16599 (April 2020). Exploitation details, affected versio...
CVE-2020-25057
CVE-2020-25057 affects LG mobile devices running Android 10, where MDMService does not properly restrict APK installations. This is the core described issue across multiple sources linked to LG’s LVE-SMP-200011 (July 2020). Concrete details in the connected documents are limited to the affected c...
CVE-2020-25059
CVE-2020-25059 affects LG mobile devices running Android OS 7.2, 8.0, 8.1, 9, and 10. The issue is a service crash caused by incorrect input validation (LG ID LVE-SMP-200013). No further technical details (exploit paths, specific components, or remediation) are provided in the connected documents...
CVE-2020-25065
CVE-2020-25065 affects LG mobile devices running Android 4.4–10. The issue is that an obsolete API enables key logging, leading to potential confidentiality impact (C:H) with no integrity/availability impact. Root cause described as use of an obsolete API; CVSS:3.1 base score 7.5 (Network attack ...
CVE-2020-27021
CVE-2020-27021 is an Android 11 vulnerability documented in the Pixel security bulletin under the System component with type “ID” (Information disclosure) and moderate severity. The issue is described elsewhere as an out-of-bounds read in avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, enabling loc...
CVE-2020-27029
CVE-2020-27029 affects Android 11 TextView. In TextView.java, improper input validation can cause an app hang, enabling a remote denial of service with no extra privileges. Exploitation requires user interaction. CVSS metrics indicate a base CVSS v3.1 score of 6.5 (Network, Low attack complexity,...
CVE-2020-27040
CVE-2020-27040 affects the Android NFC stack (phNxpNciHal_core_initialized in phNxpNciHal.cc). The root cause is a missing bounds check that enables an out-of-bounds read, potentially leading to local information disclosure on an NFC server with System privileges. Exploitation is described as loc...
CVE-2020-27055
The CVE-2020-27055 vulnerability affects Android 11, specifically in WifiConfigController.java and WifiConfigController2.java. The issue arises from improper input validation in isSubmittable and showWarningMessagesIfAppropriate, leading to an insecure WiFi configuration and potential remote info...
CVE-2021-0387
CVE-2021-0387 affects Android 11 with a race-condition caused use-after-free in FindQuotaDeviceForUuid (QuotaUtils.cpp). This leads to local elevation of privilege to System level. Exploitation details are not provided in the sources; MITRE ATT&CK IDs are not justified in the documents. Remediati...
CVE-2021-0417
CVE-2021-0417 describes a vulnerability in a memory management driver where improper input validation can cause a system crash, leading to local denial of service without extra privileges. The issue is not user-initiated and headers indicate a local attack vector. Connected sources confirm the ro...
CVE-2021-0419
CVE-2021-0419 concerns an in-memory management driver vulnerability where improper input validation can cause a local denial-of-service crash without requiring user interaction. The description appears consistently across sources (NVD, Red Hat, PRION, CVE lists) and references a patch ID ALPS0540...
CVE-2021-0458
CVE-2021-0458 affects the FingerTipS touch screen driver in the Android kernel. The issue is an out-of-bounds read caused by an integer overflow in the driver, which can lead to local information disclosure with System privileges required. Exploitation does not require user interaction. Public de...
CVE-2021-0495
CVE-2021-0495 : In Android, a memory management driver has an out-of-bounds write due to uninitialized data, enabling local elevation of privilege. Exploitation is Local with no user interaction required; no explicit exploit details or patch versions are provided in the connected documents.
CVE-2021-0528
CVE-2021-0528 describes a vulnerability in the Android memory management driver (MediaTek MTK chipset) where a double free leads to memory corruption, enabling local privilege escalation with no extra user interaction. The issue is categorized as a local privilege escalation (local access, no use...
CVE-2021-0610
CVE-2021-0610 affects Mediatek memory management driver. Reported issue is a memory corruption caused by an integer overflow, enabling local privilege escalation with no user interaction required (LOCAL, LOW complexity). Documents consistently describe a patch identified as ALPS05403499 (Issue AL...
CVE-2021-0615
The CVE-2021-0615 entry concerns Mediatek’s flv extractor. The vulnerability is an out-of-bounds read caused by an integer overflow in the flv extractor’s processing, enabling local information disclosure without extra execution privileges. Impact is described as partial confidentiality loss with...
CVE-2021-0617
CVE-2021-0617 affects MediaTek’s ape extractor. The issue is a heap-buffer-overflow–induced out-of-bounds read in the extractor, leading to local information disclosure without privilege or user interaction. Patch ALPS05561391/ALPS05561391 is referenced as remediation. No exploitation details are...
CVE-2021-0631
The CVE-2021-0631 entry concerns the Mediatek wifi driver with a missing bounds check in the wifi driver, causing a possible system crash and remote denial of service without authentication or user interaction. The issue is described as a missing bounds check that can be exploited to crash the sy...
CVE-2021-0633
CVE-2021-0633 affects the Mediatek display driver. It arises from an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation to System level with no user interaction required. Patch ID: ALPS05585423 (Issue ALPS05585423) is noted as remediation. Connected sourc...
CVE-2021-0655
CVE-2021-0655 affects the mdlactl driver and is caused by a memory corruption due to an incorrect bounds check. The vulnerability could allow local privilege escalation to SYSTEM with no user interaction required. Impact is described as partial/complete control for the attacker on the affected sy...
CVE-2021-0668
The CVE-2021-0668 entry refers to a memory corruption issue in the apusys component caused by incorrect error handling, enabling local privilege escalation to System level with no user interaction required. Patch ALPS05670521 (Issue ALPS05670521) is noted as a fix. Connected documents (e.g., Red ...
CVE-2021-0896
CVE-2021-0896 affects the MediaTek Apusys component (apusys): a missing bounds check allows an out-of-bounds write, enabling local escalation of privilege with System execution privileges. User interaction is not required. The issue is documented across NVD and Red Hat entries; the cited patch is...
CVE-2021-25408
CVE-2021-25408 concerns a buffer overflow in the NPU driver prior to Samsung SMR JUN-2021 Release 1. The underlying issue is a memory overwrite vulnerability in the driver that could lead to arbitrary memory write and code execution. Affected product scope is the NPU driver as described; no speci...
CVE-2021-25411
CVE-2021-25411 affects the RKP API prior to Samsung SMR JUN-2021 Release 1, where improper address validation allows a root, local attacker to write read-only kernel memory. The connected documents do not provide explicit affected products/versions beyond this description, nor explicit remediatio...
CVE-2021-25415
CVE-2021-25415 concerns Samsung Mobile’s RKP (kernel protection) before SMR JUN-2021 Release 1. The vulnerability stems from improper address validation, enabling a local attacker to remap EL2 memory as writable if EL1 is compromised. Documents identify the affected component as Samsung RKP and d...
CVE-2021-25427
CVE-2021-25427 describes a SQL injection vulnerability in Bluetooth prior to the Samsung SMR July-2021 Release 1, enabling unauthorized access to data on paired devices. The vulnerability is tied to the Bluetooth module's handling of SQL statements, with documented impact being access to paired d...
CVE-2021-25456
CVE-2021-25456 affects the libswmfextractor.so component. The vulnerability is described as an out-of-bounds read that enables an attacker to cause a memcpy at an arbitrary address via a forged WMF file, implying memory corruption with possible in-memory impact. According to the sources, this is ...
CVE-2021-25468
CVE-2021-25468 concerns a memory-access vulnerability in Samsung Widevine Trustlet. Multiple sources indicate that Widevine trustlet versions prior to SMR Oct-2021 Release 1 are affected and that an attacker with local access could read arbitrary memory addresses due to a boundary/memory check is...
CVE-2021-25469
The vulnerability CVE-2021-25469 affects Widevine trustlet prior to Samsung SMR Oct-2021 Release 1. It is a stack-based buffer overflow in the trustlet that can lead to arbitrary code execution with local access and low attack complexity. Impact is partial to high confidentiality/integrity/availa...
CVE-2021-25470
CVE-2021-25470 affects TEEGRIS Secure OS prior to SMR Oct‑2021 Release 1. The issue is an improper caller check logic in the SMC call that can be used to compromise the Trusted Execution Environment (TEE). Impact is described as TEE compromise; no exploit details provided in the documents. Mitiga...
CVE-2021-25471
The vulnerability CVE-2021-25471 affects Samsung devices in the Security Mode Command (SMC) processing path where replay protection is missing. This lack of replay attack protection can cause denial of service to mobile network connections and result in battery depletion. Documented impact is tie...
CVE-2021-25517
CVE-2021-25517 affects Samsung LDFW firmware prior to SMR Dec-2021 Release 1. The vulnerability arises from improper input validation in LDFW, enabling arbitrary code execution on affected devices. Documented impact includes remote/local (depending on context) execution with high severity (CVSS v...
CVE-2021-25518
CVE-2021-25518 affects Samsung LDFW and BL31. The issue is an improper boundary check in the secure_log before SMR Dec-2021 Release 1, enabling arbitrary memory write and code execution. Reported impact includes local access with partial confidentiality/integrity/availability implications as per ...
CVE-2022-26428
CVE-2022-26428 describes a race condition in the MediaTek video codec that can cause memory corruption and local privilege escalation. The vulnerability is triggered without user interaction and requires local access with high privileges; the base CVSSv3.1 vector indicates Local attack, High atta...
CVE-2022-39085
Technical details about CVE-2022-39085 are not publicly available in the provided connected documents. Monitor for updates from vendor advisories and security feeds.
CVE-2022-47474
CVE-2022-47474 concerns a missing permission check in the telephony service, enabling local information disclosure without extra privileges. Documented impact is high confidentiality risk with local attack vector; no exploitation details or fixes are provided in the connected sources. Affected co...
CVE-2022-47490
CVE-2022-47490 concerns the UNISOC soter service, where a missing permission check is identified as the root cause. The available documents describe this flaw as enabling local denial of service with no additional execution privileges, affecting the soter service in UNISOC chipsets. Exploitation ...
CVE-2022-47496
The CVE-2022-47496 entry relates to the soter service and describes a missing bounds check that enables an out-of-bounds write. This can cause local denial of service with System-level privileges. Exploitation details are not provided in the documents. Multiple connected sources (Red Hat, NVD, PR...
CVE-2022-47498
The CVE-2022-47498 entry relates to the UNISOC/UNISOC soter service. The root cause described across connected documents is a missing bounds check that enables an out-of-bounds write. Impact specified is local denial of service with system‑level execution privileges required, and the CVSS indicat...
CVE-2022-48239
CVE-2022-48239 is a camera driver vulnerability describing an out-of-bounds write caused by a missing bounds check, leading to local denial of service with System-level privileges required. Connected sources identify this as affecting UNISOC camera driver code (notably on Unisoc/SC-series chipset...
CVE-2022-48387
The CVE-2022-48387 issue affects the apipe driver (notably in UNISOC chipsets), caused by a missing bounds check that enables an out-of-bounds write. This leads to local denial of service with System execution privileges required. Publicly detailed exploit information, affected versions, and conc...
CVE-2022-48445
CVE-2022-48445 concerns a vulnerability in the telephony service where a missing permission check could allow a local denial of service without requiring additional privileges. This is described consistently across multiple sources (NVD, Red Hat, CVE lists) as a local issue with no exploitation d...
CVE-2023-20625
CVE-2023-20625 affects the adsp component and is caused by a race condition leading to a double free. This can allow local privilege escalation with SYSTEM-level execution privileges, and exploitation does not require user interaction. The entry lists patch ALPS07628532 (Issue ID ALPS07628532) as...
CVE-2023-20642
The CVE-2023-20642 issue is a local out-of-bounds write in the ril module of MediaTek silicon. The root cause is a missing bounds check that can lead to local privilege escalation with System execution privileges required; no user interaction is needed for exploitation. Affected component is ril ...
CVE-2023-20691
CVE-2023-20691 affects MediaTek WLAN firmware, where an integer overflow can cause a system crash and remote denial of service. Exploitation requires no user interaction and no privileges. Root cause is not elaborated beyond the overflow in the WLAN firmware; no explicit exploit vectors are provi...
CVE-2023-20701
In the provided CVE-2023-20701 context, the issue is a vulnerability in the widevine module of MediaTek chips. The root cause is a logic error that can trigger an out-of-bounds write, potentially enabling local escalation of privileges with system execution rights. Exploitation requires no user i...
CVE-2023-20710
The CVE-2023-20710 entry concerns the MediaTek keyinstall component, where an out-of-bounds read can occur due to a missing bounds check. This vulnerability could lead to local information disclosure with system-level privileges required for exploitation, and exploitation reportedly does not requ...
CVE-2023-20758
CVE-2023-20758 affects the cmdq component, where a missing bounds check can cause memory corruption. This is described as enabling local denial of service with System execution privileges required, and exploitation does not require user interaction. A patch is listed (ALPS07636133; ALPS07636130)....
CVE-2023-20793
CVE-2023-20793 affects MediaTek devices via the apu module, causing memory corruption from a missing bounds check. This can permit local denial of service with SYSTEM privileges, without user interaction. The issue is tied to firmware/driver code (apu) and has a patch identified as ALPS07767818. ...
CVE-2023-20818
CVE-2023-20818 affects MediaTek WLAN service. The issue is an out-of-bounds read caused by improper input validation in the WLAN subsystem, enabling local information disclosure with SYSTEM-level privileges. Exploitation requires no user interaction. A patch/mitigation reference is Patch ID: ALPS...