8153 matches found
CVE-2020-0233
CVE-2020-0233 describes a memory corruption in Android’s kernel due to a use-after-free in main.cpp, enabling local elevation of privilege without extra user interaction. Documented impact: local attacker could escalate privileges; exploitation status is not provided in the sources. Affected comp...
CVE-2020-0234
CVE-2020-0234 affects the Android kernel audio component (kernel driver for msm-cirrus playback). The issue is in crus_afe_get_param in msm-cirrus-playback.c, where a missing bounds check allows an out-of-bounds write. This can enable local privilege escalation with no extra privileges and no use...
CVE-2020-0280
CVE-2020-0280 affects Android 11 and is caused by an out-of-bounds read in nci_proc_ee_management_rsp of nci_hrcv.cc due to a missing bounds check. This can lead to local information disclosure with no additional execution privileges; exploitation requires user interaction. The documentation does...
CVE-2020-0324
Summary: CVE-2020-0324 affects Android 11 via the libsonivox component, where a missing bounds check can cause an out-of-bounds read. This leads to potential remote information disclosure without execution privileges, with user interaction required to exploit. Evidence from provided documents: Th...
CVE-2020-0337
CVE-2020-0337 affects Android 11 in the MediaProvider component, where a permissions-check bypass can occur due to a confused deputy, enabling local information disclosure without user interaction. Affected product: Android 11 (Android framework). Root cause: flawed permission check leading to in...
CVE-2020-0348
CVE-2020-0348 affects Android 11 and is tied to the NFC subsystem. The issue is an out-of-bounds read caused by a missing bounds check, potentially enabling remote information disclosure over NFC without user interaction (as per the NVD/Red Hat/CNVD entries). The vulnerability is associated with ...
CVE-2020-0357
CVE-2020-0357 affects Android 11, specifically the SurfaceFlinger component. The issue is a use-after-free caused by improper locking, enabling local escalation of privilege in the graphics server without extra execution privileges or user interaction. Other documents confirm this CVE is addresse...
CVE-2020-0358
CVE-2020-0358: In Android's SurfaceFlinger, a race condition leads to a use-after-free vulnerability. This is a local elevation-of-privilege issue on Android 11, requiring System privileges with no user interaction. CVSS data (3.1) indicates LOCAL, HIGH-privileges, with Confidentiality/Integrity/...
CVE-2020-0374
CVE-2020-0374 concerns Android 11/NFC where an unsafe PendingIntent can bypass a permission, enabling local elevation of privilege with user rights granted to the attacker. Affected component is the NFC handling path; attack requires local access and does not require user interaction according to...
CVE-2020-0406
CVE-2020-0406 affects Android 11 via the libmpeg2dec component. The issue is an out-of-bounds write caused by a missing bounds check in libmpeg2dec, enabling local privilege escalation if triggered with certain parameters; exploitation requires user interaction and does not require prior executio...
CVE-2020-0488
CVE-2020-0488 affects Android 11 on Pixel devices, with a vulnerability in the media processing path: in ihevc_inter_pred_chroma_copy_ssse3 (file ihevc_inter_pred_filters_ssse3_intr.c), uninitialized data can cause information disclosure. Impact is partial confidentiality loss, remote information...
CVE-2020-0497
Technical details about CVE-2020-0497 are not provided in the supplied documents beyond the basic Android biometric disclosure information. Monitor for updates for any new specifics on affected components, affected versions, impact, and remediation.
CVE-2020-11607
CVE-2020-11607 concerns Samsung mobile devices running P(9.0)/Q(10.0). The issue is a notification exposure in Lockdown mode caused by the Edge Lighting application, enabling potential information disclosure. Affected component: Edge Lighting on affected Samsung firmware. Root cause: not explicit...
CVE-2020-15577
Samsung mobile devices running P (9.0) and Q (10.0) software are affected by CVE-2020-15577 via the Cameralyzer component, which can write files to the SD card. Root cause: Cameralyzer ability to write to external storage leads to unauthorized file writes. Impact: potential modification or insert...
CVE-2020-15584
CVE-2020-15584 affects Samsung mobile devices running Q(10.0). The issue arises when processing a 4K wallpaper image, where ImageProcessHelper mishandles boundary checks, causing out-of-bounds access that can lead to a device reset. Samsung’s internal ID for this vulnerability is SVE-2020-18056 (...
CVE-2020-25053
CVE-2020-25053 affects Samsung mobile devices running Android Q (10.0) on Exynos9830. Root cause: RKP permits arbitrary code execution. Impact: remote code execution with high severity (CVSS v3.1 base 9.8, network access, no user interaction). Exploitation details are not provided in the document...
CVE-2020-25280
CVE-2020-25280 affects Samsung mobile devices running Android Q (10.0) on Exynos and MediaTek chipsets. Unauthenticated attackers could send a USB debugging command to execute LTE/5G commands, with impact to confidentiality, integrity, and availability listed as high in CVSS 3.1 (PHYSICAL access,...
CVE-2020-27032
In CVE-2020-27032, a missing permission check in getRadioAccessFamily() of PhoneInterfaceManager.java allows a local attacker to read privileged radio data on Android-11, potentially leading to information disclosure without user interaction. Affected component is the Android framework (PhoneInte...
CVE-2020-27048
CVE-2020-27048 affects Android 11 and targets the RW_SendRawFrame path in rw_main.cc, where a missing bounds check allows an out-of-bounds write. This can lead to local escalation of privilege with no extra execution privileges required, and exploitation requires user interaction. The issue is li...
CVE-2021-0372
CVE-2021-0372 is a local elevation of privilege in Android 11 via getMediaOutputSliceAction in RemoteMediaSlice.java, caused by an unsafe PendingIntent that bypasses permissions without requiring user interaction. The impact is escalation to higher privileges (HIGH per CVSSv3.1) with local access...
CVE-2021-0389
CVE-2021-0389 affects Android 11; root cause is a missing permission check in UiModeManagerService.setNightModeActivated (UiModeManagerService.java). This permits local privilege escalation without additional execution privileges and without user interaction. Public information confirms the issue...
CVE-2021-0416
CVE-2021-0416 concerns the Mediatek memory management driver. The available descriptions state a vulnerability due to improper input validation that can cause a system crash, yielding local denial of service without requiring user interaction. Affected components are described as the memory manag...
CVE-2021-0418
CVE-2021-0418 concerns the Mediatek memory management driver, where improper input validation can cause a local system crash leading to denial of service without user interaction. The issue is described across multiple sources (NVD, Red Hat) with the same core weakness. The patch reference provid...
CVE-2021-0461
CVE-2021-0461 (Android kernel, iaxxx-core sensor) : The issue arises in iaxxx_core_sensor_change_state within iaxxx-module.c, where a missing bounds check can cause an out-of-bounds write. This leads to local escalation of privilege with System execution privileges required, and exploitation does...
CVE-2021-0497
CVE-2021-0497 describes a memory corruption vulnerability in the Android memory management driver caused by a use-after-free. This can enable local escalation of privilege without user interaction. Affected component is the Android memory management driver on Android SoCs with Android ID A-183461...
CVE-2021-0531
CVE-2021-0531 affects the memory management driver in Android, specifically MTK memory management components, with a use-after-free leading to local privilege escalation and high impact as described in multiple sources. The vulnerability is a memory corruption issue in the memory management drive...
CVE-2021-0613
CVE-2021-0613 affects MediaTek’s asf extractor component. It describes an out-of-bounds read caused by an incorrect bounds check, enabling local information disclosure without extra privileges or user interaction. A patch/issue reference is ALPS05489178 (MediaTek bulletin). Exploitation details (...
CVE-2021-0620
CVE-2021-0620 affects the asf extractor component, where an out-of-bounds read caused by a heap buffer overflow could lead to local information disclosure without additional execution privileges. Exploitation details are not provided in the documents. The issue is associated with a patch: ALPS054...
CVE-2021-0624
CVE-2021-0624 affects the flv extractor component; the root cause is an out-of-bounds read caused by a heap buffer overflow, leading to local information disclosure without extra execution privileges and with no user interaction required. The vulnerability is referenced with Patch ID ALPS05594988...
CVE-2021-0666
CVE-2021-0666 concerns MediaTek’s Apusys component where an incorrect bounds check can cause an out-of-bounds read. This leads to local information disclosure with system execution privileges needed to exploit, and does not require user interaction. The vulnerability is documented across multiple...
CVE-2021-0670
The CVE-2021-0670 entry concerns an issue in the apusys component where a use-after-free can cause memory corruption, enabling local escalation of privilege with SYSTEM execution privileges; exploitation reportedly does not require user interaction. Patch ID ALPS05654663 (Issue ID ALPS05654663) i...
CVE-2021-0902
CVE-2021-0902 affects MediaTek Apusys. The issue is an out-of-bounds read caused by an incorrect bounds check in apusys, potentially leading to local information disclosure with SYSTEM privileges required for exploitation and no user interaction. Public details in the initial and connected record...
CVE-2021-1038
CVE-2021-1038 describes a DoS via a tapjacking/overlay vulnerability in UserDetailsActivity of AndroidManifest.xml, affecting Android 9–12. The root cause is an overlay/tapjacking issue that can cause local denial of service with no extra privileges; exploitation requires user interaction per CVS...
CVE-2021-22495
CVE-2021-22495 affects Samsung mobile devices with Exynos SoCs (O/8.x, P/9.0, Q/10.0, R/11.0) where the Mali GPU driver permits out-of-bounds access and can trigger a device reset. This is documented across multiple sources in the connected docs (NVD, Red Hat advisory, CVE records), referencing S...
CVE-2021-25386
Summary: The vulnerability CVE-2021-25386 affects the Samsung libsdffextractor library, specifically the improper input validation in the function sdfffd_parse_chunk_FVER(). This can allow attackers to execute arbitrary code on the mediaextractor process. Affected component: libsdffextractor (pri...
CVE-2021-25389
Samsung CVE-2021-25389 affects S Secure prior to SMR MAY-2021 Release 1, due to an improper running task check that could allow a user to access a locked app without authentication. Affected: Samsung devices running S Secure; Root cause: faulty task-check logic. Impact: partial confidentiality an...
CVE-2021-25472
The CVE-2021-25472 entry concerns an improper access control vulnerability in BluetoothSettingsProvider for Samsung SMR releases. Affected component: BluetoothSettingsProvider prior to SMR Oct-2021 Release 1. Condition: an untrusted application can overwrite certain Bluetooth information due to w...
CVE-2021-25473
CVE-2021-25473 affects Samsung Galaxy SystemUI prior to SMR Oct-2021 Release 1. The issue is an improper exception handling for the multi_sim_bar_hide_by_meadia_full value, which can allow a local attacker to cause a permanent denial of service on the user device before factory reset. Supported m...
CVE-2021-25503
CVE-2021-25503 is an improper input validation vulnerability in Samsung HDCP prior to SMR Nov-2021 Release 1 that enables arbitrary code execution. Affected component: HDCP; root cause: input validation weakness. Local attack vector with low complexity and no authentication required (per CVSS). I...
CVE-2022-36856
The CVE-2022-36856 entry concerns Samsung Telecom application on mobile devices. Affected component: Telecom application prior to SMR Sep-2022 Release 1. Root cause: improper access control that allowed an attacker to start emergency calls via undefined permission. Impact: demonstrated capability...
CVE-2022-47477
CVE-2022-47477 affects the telephony service, with a missing permission check leading to local information disclosure without requiring additional execution privileges. The linked documents consistently describe a zero-day-style local disclosure risk via the telephony module (e.g., UNISOC telepho...
CVE-2022-47478
Affected software: telephony service. Root cause: missing permission check leading to potential local information disclosure. Impact: local information disclosure without additional execution privileges; confidentiality impact HIGH, as per CVE entry. Exploitation status: not described in the prov...
CVE-2022-47497
The CVE-2022-47497 entry concerns the soter service, with a root cause described as a missing bounds check that enables an out-of-bounds write. This could cause local denial of service with system execution privileges required. Affected context appears to be UNISOC/“soter service” components acro...
CVE-2022-48232
CVE-2022-48232 concerns UNISOC chipsets’ FM service with a missing parameter check, enabling local denial of service. Connected sources corroborate a local impact; exploitation details are not provided, and there is no publicly available fix information in the supplied documents. Monitor for upda...
CVE-2022-48386
The CVE-2022-48386 entry concerns the apipe driver with a use-after-free caused by a logic error, leading to local denial of service with SYSTEM privileges. This is documented across multiple feeds (NVD, Red Hat, CVE List) and references UNISOC chipsets’ apipe driver. No explicit patch/version re...
CVE-2022-48452
CVE-2022-48452 affects Ifaa service used in UNISOC chipsets. The root cause is a missing permission check, enabling local denial of service with SYSTEM privileges required. Exploitation is described as local (no UI interaction). The CVE entry shows a MEDIUM severity (CVSS v3.1: 4.4) with PRIVILEG...
CVE-2023-20719
The CVE-2023-20719 issue affects the pqframework. It describes an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure with high confidentiality impact and requiring system privileges, with no user interaction needed. Mitigation/Remediation: Patch...
CVE-2023-20720
CVE-2023-20720 affects the pqframework component. The issue is an out-of-bounds read caused by a missing bounds check, enabling local escalation of privilege with SYSTEM-level execution privileges required. Exploitation does not require user interaction. The code is associated with patch ALPS0762...
CVE-2023-20750
The CVE-2023-20750 entry concerns the swpm module in MediaTek chips, describing a race-condition that can cause an out-of-bounds write. This could lead to local information disclosure, with system execution privileges needed for exploitation and no user interaction required. Public references not...
CVE-2023-20753
CVE-2023-20753 affects rpmb (MediaTek context in multiple feeds). A logic error enables an out-of-bounds write, which could lead to local privilege escalation with SYSTEM execution privileges required. Exploitation does not require user interaction. A patch is referenced as ALPS07460390 (Issue AL...