8153 matches found
CVE-2023-33892
CVE-2023-33892 concerns the minimal-privilege local information-disclosure flaw in the fastDial service. The root cause, per multiple sources, is a missing permission check in fastDial, enabling an attacker with local access and low privileges to read information without requiring extra execution...
CVE-2023-33896
CVE-2023-33896 affects the libimpl-ril component. A missing bounds check can cause an out-of-bounds write, leading to local denial of service with System execution privileges required. The issue has a CVSSv3.1 base score of 4.4 (Medium) and is characterized as a local attack with high privileges ...
CVE-2023-33913
CVE-2023-33913 describes a vulnerability in the DRM/oemcrypto module where an incorrect calculation of the buffer size allows an out-of-bounds write. This could lead to remote escalation of privilege with system execution privileges required. The initial documents confirm the issue and its impact...
CVE-2023-38436
The CVE-2023-38436 entry concerns vowifiservice and describes a missing permission check that could allow local information disclosure without requiring additional privileges. Across connected sources, the impact is stated as information disclosure with a local attack vector and no explicit remot...
CVE-2023-38454
CVE-2023-38454 concerns the vowifi service where a missing permission check could allow local information disclosure with no extra privileges. The vulnerability is described across multiple feeds as affecting vowifi service components, but the connected documents do not provide specific vulnerabl...
CVE-2023-38458
In the provided documents, CVE-2023-38458 affects vowifiservice (Unisoc/UNISOC chipsets) with a possible missing permission check that could enable local escalation of privilege. The NVD entry describes the impact as local escalation with no extra execution privileges, and the attack vector is LO...
CVE-2023-38461
The CVE-2023-38461 entry concerns vowifiservice with a missing permission check, leading to local denial of service without extra privileges. Affected component: vowifiservice (on UNISOC-derived platforms as reflected in multiple sources). Root cause: insufficient authorization checks in the serv...
CVE-2023-38464
CVE-2023-38464 affects the vowifiservice component (in UNISOC chipsets). The security issue is a missing permission check that could allow local escalation of privilege without requiring additional execution privileges. The CVSS 3.1 vector from NVD indicates a Local, Low Complexity exploit with L...
CVE-2023-38554
CVE-2023-38554 concerns the wcn bsp driver with an out-of-bounds write caused by a missing bounds check, potentially enabling local denial of service with no extra privileges. Affected component: wcn bsp driver (UnISOC context). Impact: local DoS (availability impact) as stated; no explicit explo...
CVE-2023-40641
The vulnerability CVE-2023-40641 affects the Messaging component (notably on UNISOC chipsets per linked sources). The issue is a missing permission check in Messaging which could allow local information disclosure without requiring additional execution privileges. The cited sources collectively d...
CVE-2023-42689
CVE-2023-42689 affects the wifi service in UNISOC chipsets. The root cause is a possible missing permission check in the wifi service, which could enable local escalation of privilege with no additional execution privileges required. The CVE is associated with a high impact (base score 7.8) invol...
CVE-2023-42692
CVE-2023-42692 concerns the wifi service on UNISOC chipsets, where a missing permission check can allow local escalation of privilege with no extra privileges. The CVSS 3.1 base vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects a high impact to confidentiality, integrity, and availability. Pu...
CVE-2023-42747
Consolidated details indicate a vulnerability in Unisoc chipsets where the camera service may lack a required permission check. This can enable local escalation of privilege without additional execution privileges. Affected component appears to be the camera service in Unisoc chipsets; no explici...
CVE-2023-48356
CVE-2023-48356 concerns the jpg driver in UNISOC chipsets. The root cause is a missing bounds check leading to an out-of-bounds write. This can cause local denial of service with system execution privileges required. The available sources (NVD/Red Hat/linked records) describe the vulnerability an...
CVE-2015-9043
CVE-2015-9043 is described in connected sources as a NULL pointer dereference vulnerability affecting Qualcomm components in Android CAF builds using the Linux kernel. The root cause, as stated, is a NULL pointer dereference on timer expiry, with impact described as high/critical in CVSS terms. T...
CVE-2016-6714
CVE-2016-6714 describes a remote denial-of-service condition in Android’s Mediaserver. The issue affects Mediaserver in Android 6.x (before 2016-11-01) and 7.0 (before 2016-11-01); a attacker could trigger a device hang or reboot by crafting a file processed by Mediaserver. The vulnerability is c...
CVE-2018-11827
CVE-2018-11827 affects CAF/Android builds (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. The issue: improper validation of an array index in the WMA roam synchronization handler can cause an out-of-bounds write. This is tied to Qualcomm WLAN/driver components in the af...
CVE-2018-11869
CVE-2018-11869 affects Android-family releases used on CAF/Linux kernels. The issue is a lack of length validation for a value received from firmware, which can cause a buffer overflow in the WMA handler . The vulnerability is described as local with potential complete impact on confidentiality, ...
CVE-2018-5860
CVE-2018-5860 affects the MDSS (multimedia display) driver in Android builds for MSM, Firefox OS for MSM, and QRD Android, provided by CAF on Linux-based kernels. The root cause is that a data structure may be used without proper initialization, as described in multiple sources. According to the ...
CVE-2018-9534
CVE-2018-9534: A out-of-bounds write in ixheaacd_mps_getstridemap (ixheaacd_mps_parse.c) on Android 9 can lead to remote code execution. Root cause: missing bounds check in ixheaacd_mps_getstridemap. Impact per sources: potential RCE with network vector; user interaction required for exploitation...
CVE-2019-2064
In Android 10, CVE-2019-2064 is a vulnerability in the libxaac library where a missing bounds check enables an out-of-bounds write, potentially enabling remote code execution. The issue affects Android-10 devices using libxaac and is documented across multiple sources (NVD entry; Red Hat and CNVD...
CVE-2019-2147
CVE-2019-2147 affects the Android libxaac library. The issue is an out-of-bounds read caused by a missing bounds check in libxaac, leading to potential information disclosure. Exploitation requires user interaction, and the vulnerability does not grant additional execution privileges. Connected R...
CVE-2019-2163
Concerning CVE-2019-2163, multiple connected sources confirm a concrete issue in the Android 10 libxaac library: an out-of-bounds read due to a missing bounds check, leading to information disclosure. Affected component: libxaac within Android-10. Impact per sources: potential information leakage...
CVE-2019-2189
CVE-2019-2189 affects the Image driver in the Android kernel (Easel driver). The vulnerability stems from race conditions that can cause memory corruption, enabling local elevation of privilege to SYSTEM with no user interaction required. Impact is described as local EoP with high confidentiality...
CVE-2019-9389
CVE-2019-9389 affects Android 10 Bluetooth stack (Bluetooth component) with a out-of-bounds read due to a missing bounds check. This could lead to remote denial of service without user interaction. CVSSv2 base score 5.0 (NETWORK, LOW attack complexity, no privileges required, Availability impact ...
CVE-2020-0341
CVE-2020-0341 affects Android 11; a missing permission check in DisplayManager may allow local escalation of privilege without user interaction. The issue is categorized as Elevation of Privilege (EoP). No exploit details are provided in the sources. Remediation: Android 11 security release notes...
CVE-2020-0492
CVE-2020-0492 affects Android 11 Media framework (BitstreamFillCache in bitstream.cpp). Root cause: out-of-bounds read caused by a heap buffer overflow leading to potential remote information disclosure. Impact: requires no privileges but may require user interaction for exploitation; exposed dat...
CVE-2020-0493
CVE-2020-0493 is an Android Pixel vulnerability tied to CPDF_SampledFunc::v_Call, where an out-of-bounds read due to input validation issues could disclose local information without user interaction. The issue is listed in the Pixel update bulletin for December 2020 as CVE-2020-0493 (Android bug ...
CVE-2020-10852
CVE-2020-10852 involves a stack overflow in the display driver affecting Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) software (Samsung ID SVE-2019-15877). The Red Hat/EUVD/CNVD entries corroborate the same issue. According to the NVD metrics, CVSS v3.1 base score is 7.8 (HIGH) with...
CVE-2020-27025
CVE-2020-27025 affects Android 11 and is caused by an unsafe PendingIntent in EapFailureNotifier.java and SimRequiredNotifier.java, enabling a permission bypass that can lead to local information disclosure. The issue requires no user interaction and could be triggered with local access; the root...
CVE-2020-27054
CVE-2020-27054 affects Android 11, where onFactoryReset in BluetoothManagerService.java lacks a permission check, enabling local escalation of privilege with no additional execution privileges and no user interaction required. The NVD entry lists CVSS v3.1 base score 7.8 (HIGH) and local attack, ...
CVE-2021-25384
CVE-2021-25384 describes an improper input validation in the Samsung libsdffextractor library, specifically in the function handling the Sample Rate Chunk (sdfffd_parse_chunk_PROP). The vulnerability, affecting versions prior to SMR MAY-2021 Release 1, can allow an attacker to trigger arbitrary c...
CVE-2022-47352
The CVE-2022-47352 entry concerns the camera driver in Unisoc chipsets, where a missing bounds check allows an out-of-bounds read. This is described across Red Hat/NVD/CVE records as enabling possible local denial of service with SYSTEM-level execution required. Affected component is the camera d...
CVE-2022-48462
CVE-2022-48462 : In the wifi service, there is a possible out-of-bounds write caused by a missing bounds check, which could lead to local denial of service with no additional execution privileges required. The issue is documented across NVD/Red Hat/CVE lists and related feeds; the available sourc...
CVE-2023-21233
CVE-2023-21233 concerns the avrc module in Wear OS. The vulnerability arises from uninitialized data in multiple locations, enabling a heap data leak that could lead to remote information disclosure with no additional execution privileges needed. Exploitation is possible without user interaction ...
CVE-2023-30927
Summary : CVE-2023-30927 is a local information disclosure vulnerability due to a missing permission check in the telephony service. The NVD entry reports a CVSSv3.1 base score of 5.5 (LOW privileges required, LOCAL exploit, HIGH confidentiality impact). Connected sources corroborate the issue an...
CVE-2023-30933
CVE-2023-30933 involves a missing permission check in the telephony service that enables local information disclosure without additional execution privileges. The core issue is the telephony component failing to enforce access controls, per the CVE description. Connected documents expand on affec...
CVE-2023-30941
CVE-2023-30941 concerns a missing permission check in the telephony service that can lead to local information disclosure without requiring additional execution privileges. The available documents describe the vulnerability as a local information disclosure flaw (CONFIDENTIALITY impact) with priv...
CVE-2023-32789
CVE-2023-32789 concerns a missing permission check in the telephony service that enables local information disclosure without additional execution privileges. The core issue is a privilege check gap in the telephony component, with CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N indicating local acc...
CVE-2023-32861
CVE-2023-32861 affects MediaTek devices with a flaw in the display module due to an incorrect bounds check, causing an out-of-bounds read that could enable local escalation of privileges with System execution privileges required. No user interaction is needed. Patch: ALPS08059081 (Issue ID: ALPS0...
CVE-2023-33886
CVE-2023-33886 affects the telephony service where a missing permission check can cause local information disclosure without additional execution privileges. The CVE's base metrics show Local attack vector, Low attack complexity, Low privileges required, no user interaction, and Confidentiality i...
CVE-2023-33902
CVE-2023-33902 affects UNISOC Bluetooth service across multiple chipsets (e.g., SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T770/T820/S8000). The root cause is a missing permission check in the Bluetooth service, enabling local information disclosure without additional execution pr...
CVE-2023-42682
CVE-2023-42682 affects the gsp driver and stems from a missing bounds check, allowing an out-of-bounds write that could cause local denial of service with system-level privileges required. The provided documents specify the impact (local DoS) and privilege requirements but do not include exploit ...
CVE-2023-42684
CVE-2023-42684 concerns the gsp driver within UNISOC chipsets, where a missing bounds check can cause an out-of-bounds read. The issue is described as leading to local denial of service with System execution privileges required. Documents consistently cite the gsp driver as the vulnerable compone...
CVE-2023-42699
CVE-2023-42699 concerns the omacp service. A missing permission check could allow writing permission usage records for an app, enabling local information disclosure without additional execution privileges. Public sources summarize the issue and impact (local information disclosure) but do not pro...
CVE-2023-42709
CVE-2023-42709 affects UNISOC/chipset Firewall service where a missing permission check enables writing of an app’s permission usage records, leading to local information disclosure without extra privileges. Exploitation details are not provided in the connected documents; no concrete exploit vec...
CVE-2023-42724
CVE-2023-42724 concerns an out-of-bounds read in the GPU driver that could enable local denial of service with system execution privileges. Public details consistently describe the flaw as a bounds-check failure in the GPU driver, with patched mitigations referenced by Apple for iOS/iPadOS. Explo...
CVE-2023-42731
CVE-2023-42731 affects the Gnss service in UNISOC chipsets. The vulnerability is an out-of-bounds read caused by a missing bounds check, leading to local denial of service with System execution privileges required. The CVSSv3.1 base score is 4.4 (Medium) with LOCAL attack vector, low attack compl...
CVE-2023-42736
CVE-2023-42736 concerns a missing permission check in the telecom service, leading to local privilege escalation with no extra privileges required. The connected documents (Red Hat, NVD, PRION/PRIO listing, and related vendor entries) consistently describe the issue as a telecom-service permissio...
CVE-2023-42740
CVE-2023-42740 - A missing permission check in the telecom service allows writing permission usage records, enabling local escalation of privilege without extra execution privileges. The issue is documented across multiple sources (NVD, Red Hat, PRION, CNNVD, etc.) and is associated with UNISOC t...