8153 matches found
CVE-2025-48548
CVE-2025-48548 describes a race condition in AppOpsControllerImpl.java that could allow recording audio without the privacy indicator, enabling local elevation of privilege with user interaction required. The issue is discussed across multiple sources (Android/Red Hat/CNVD views) with the same co...
CVE-2023-42652
CVE-2023-42652 affects the UNISOC/engineermode context. The root cause is a missing permission check in engineermode, enabling local information disclosure with no additional execution privileges. Impact aligns with the CVSS note: local attacker access to confidential data; exploitation status no...
CVE-2023-42681
CVE-2023-42681 affects the ion service in Unisoc chipsets, where a missing permission check can allow local escalation of privilege without requiring additional execution privileges. The issue is rooted in the ion service’s access control, enabling a local attacker with low privileges to exploit ...
CVE-2023-42686
Technical details about CVE-2023-42686 are not publicly available in the provided connected documents. Monitor for updates for affected products, components, and remediation specifics.
CVE-2023-42702
CVE-2023-42702 describes a missing permission check in the firewall service that allows an attacker with local access to write permission usage records for an app, causing local information disclosure with no additional execution privileges. Affected: firewall service in UNISOC chipsets. Impact: ...
CVE-2023-42715
CVE-2023-42715 affects UNISOC chipsets with a vulnerability in the telephony service caused by a missing permission check, enabling local information disclosure without requiring extra execution privileges. The CVSS entry cites local attack vector, low attack complexity, and low privileges requir...
CVE-2023-42730
CVE-2023-42730 describes a vulnerability in the IMS service where a missing permission check allows writing permission usage records, enabling local information disclosure without extra privileges. The NVD entry lists a CVSS 3.1 base score of 5.5 (Medium) with Local attack vector, Low attack comp...
CVE-2025-20693
The CVE-2025-20693 issue affects the wlan STA driver, with an out-of-bounds read caused by an incorrect bounds check. This vulnerability could allow remote information disclosure from proximal access without extra privileges or user interaction. The impact is described as high confidentiality ris...
CVE-2025-20787
CVE-2025-20787 describes a memory corruption through a use-after-free in the display path, potentially allowing local privilege escalation if an attacker already has System privileges. Exploitation reportedly does not require user interaction. The issue is associated with a patch ID ALPS10149879 ...
CVE-2025-36893
CVE-2025-36893 describes a local information-disclosure vulnerability due to uninitialized data in ReadTachyonCommands within gxp_main_actor.cc. The issue can leak information with no additional execution privileges and no user interaction required. Affected component: the gxp main actor’s ReadTa...
CVE-2025-36897
CVE-2025-36897 involves an out-of-bounds write in cd_CnMsgCodecUserApi.cpp due to a missing bounds check, enabling remote code execution without extra privileges and without user interaction. Public sources (Pixel bulletin) classify the issue as RCE with High severity and note a 2025-09-05 patch ...
CVE-2025-48528
CVE-2025-48528 describes a tapjacking/overlay vulnerability that could allow overlaying biometrics to achieve local privilege escalation with no user interaction. The Android Security Bulletin lists CVE-2025-48528 as a Framework issue with High severity and notes updated AOSP versions 15 and 16, ...
CVE-2025-48553
CVE-2025-48553 impacts Android’s DevicePolicyManagerService.java, where a logic error in handlePackagesChanged can cause a denial-of-service on a device admin, enabling local privilege escalation without extra execution privileges or user interaction. The issue is documented across multiple sourc...
CVE-2026-0025
CVE-2026-0025 is a vulnerability in Android’s Notification.java hasImage path where a permissions bypass can leak information across users, enabling local privilege escalation with no extra execution privileges and no user interaction. Exploitation is local and no exploit details are provided in ...
CVE-2026-0048
Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.
CVE-2026-0162
Technical details for CVE-2026-0162 are not publicly provided in the connected documents. The available descriptions only indicate a memory corruption in AudioSdpParser.cpp potentially enabling remote code execution. Monitor for updates and additional technical disclosures.
CVE-2018-9574
CVE-2018-9574 affects Android 9 via an out-of-bounds write in impd_parse_split_drc_characteristic (impd_drc_static_payload.c), caused by missing bounds checks. This could lead to remote code execution with user interaction required; no exploitation details are provided in the connected documents ...
CVE-2023-38437
CVE-2023-38437 affects the vowifiservice component. The connected documents describe a missing permission check in vowifiservice that could cause local information disclosure without requiring additional execution privileges. The impact is stated as local information disclosure and the attack vec...
CVE-2023-38439
CVE-2023-38439 concerns a vulnerability in vowifiservice characterized by a possible missing permission check, which could enable local information disclosure without requiring additional execution privileges. The connected documents consistently reference vowifiservice as the affected component ...
CVE-2023-38440
CVE-2023-38440 concerns a missing permission check in vowifiservice, enabling local information disclosure with no extra privileges. The observed impact is local disclosure; CVSS indicates local attack vector, low privileges required, low attack complexity, with high confidentiality impact. Publi...
CVE-2023-38453
Technical details about CVE-2023-38453 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2023-38457
CVE-2023-38457 affects vowifiservice. The vulnerability is caused by a missing permission check in vowifiservice, allowing local denial of service with no extra execution privileges. CVSS metrics indicate local attack vector, low attack complexity, and low privileges required, with availability i...
CVE-2023-42673
CVE-2023-42673 concerns the imsservice component, where a missing permission check enables an app to potentially write permission usage records, causing local information disclosure with no extra execution privileges. The vulnerability is described across multiple feeds (NVD/Red Hat/CVE records) ...
CVE-2023-42687
CVE-2023-42687 : The wifi service contains a missing permission check that could enable local escalation of privilege with no additional execution privileges required. The available data from the CVE entry indicates a local exploit path with a high impact (Confidentiality/Integrity/Availability H...
CVE-2023-42696
CVE-2023-42696 involves a missing permission check in the telecom service, enabling local escalation of privilege with no extra execution privileges required. The vulnerability is reported with a LOCAL attack vector and LOW privileges required, yielding a high impact on confidentiality, integrity...
CVE-2023-42704
CVE-2023-42704 affects imsservice in certain UNISOC-based environments. The root cause is a missing permission check that can allow an app to write permission usage records, enabling local information disclosure without requiring additional execution privileges. Reported impact aligns with NVD CV...
CVE-2023-42708
CVE-2023-42708 affects the firewall service, where a missing permission check could allow writing an app’s permission usage records, leading to local information disclosure without extra execution privileges. The issue is documented across multiple sources (NVD/Red Hat/PRion/CVE lists) and is ass...
CVE-2023-42712
Consolidated data for CVE-2023-42712 from multiple sources confirms a vulnerability in the firewall service of UNISOC chipsets. The root cause is a missing permission check that could allow an app to write permission usage records, enabling local information disclosure without requiring additiona...
CVE-2023-42713
CVE-2023-42713 affects UNISOC chipsets’ firewall service, where a missing permission check enables an app to write permission usage records. Root cause: inadequate authorization on the firewall service, allowing local information disclosure without extra execution privileges. Impact: local inform...
CVE-2023-42714
CVE-2023-42714 affects the firewall service and is discussed across multiple sources (NVD, Red Hat, CVE List, CNNVD). The root issue is a missing permission check that enables writing permission usage records for an app, leading to potential local information disclosure with no extra execution pr...
CVE-2023-42725
CVE-2023-42725 concerns the GPU driver with a missing bounds check that enables an out-of-bounds read and local denial of service with System execution privileges. This aligns across multiple sources (NVD, Red Hat, CVE lists) describing the same issue in the GPU driver; exploitation status is not...
CVE-2023-42728
CVE-2023-42728 affects the phasecheckserver component, where a missing bounds check can lead to an out-of-bounds read and local denial of service. Multiple sources (NVD, Red Hat, PRION, CVE lists, and vendor pages) corroborate the issue and the local-privilege aspect, with no public exploitation ...
CVE-2023-42748
CVE-2023-42748 refers to a missing permission check in the telecom service that can enable local privilege escalation without additional execution privileges. The vulnerability is characterized by local access (attack vector LOCAL), low privilege required, and no user interaction, with high confi...
CVE-2023-48346
CVE-2023-48346 affects the video decoder component in UNISOC chipsets. The root cause is improper input validation, which could allow local denial of service without additional execution privileges. The available documents describe the impact as local and do not specify exploit details or a fixed...
CVE-2025-20803
CVE-2025-20803 affects the dpe component. The issue is a memory corruption caused by an integer overflow that could allow local escalation of privilege when the attacker already has System privileges; exploitation requires user interaction. A patch is identified as ALPS10199779 (MSV-4504). Public...
CVE-2025-32326
CVE-2025-32326 describes a local elevation of privilege in Android via a confused deputy in AppRestrictionsFragment.java, enabling bypass of the intent security check. Impact is local with user interaction required; no additional execution privileges needed. Root cause: insecure bypass in multipl...
CVE-2025-32330
CVE-2025-32330 : The issue is in generateRandomPassword of LocalBluetoothLeBroadcast.java, where an insecure default value can allow a nearby attacker to intercept the Auracast audio stream, causing remote information disclosure without extra privileges or user interaction. The connected document...
CVE-2025-36895
CVE-2025-36895 is an information-disclosure vulnerability documented in the Pixel security bulletin, affecting the WLAN subcomponent. The Android bulletin lists it under Pixel with type ID, High severity, and affected as WLAN. The CVSSv3.1 vector indicates a Network attack vector, with Low attack...
CVE-2025-36899
CVE-2025-36899 affects Google Pixel devices, with a local elevation-of-privilege (EoP) flaw in the Secure Element component. It stems from test/debugging code left in a production build, allowing privilege escalation without additional execution privileges or user interaction (per the CVE entry a...
CVE-2025-48529
The CVE-2025-48529 issue affects VoicemailNotificationSettingsUtil.java, specifically the setRingtoneUri function, causing a cross-user data leak (confused deputy) that can disclose local information without extra privileges. Exploitation requires no user interaction and is local. The connected d...
CVE-2025-48546
CVE-2025-48546 affects SafeActivityOptions.java. The issue arises during checkPermissions, enabling a possible background activity launch due to a logic error. This can lead to local escalation of privilege with no additional execution privileges required, and no user interaction needed for explo...
CVE-2025-48550
CVE-2025-48550 is a path traversal vulnerability in testGrantSlicePermission of SliceManagerTest.java that could cause a permanent Denial of Service locally, without user interaction. Exploitation is local and requires no additional privileges. The connected documents confirm the issue but do not...
CVE-2025-48559
CVE-2025-48559 affects Google Android’s AppOpsService.java. The vulnerability arises from improper input validation in multiple internal functions, enabling an attacker to add a large number of app ops. This can cause a local denial of service with no extra privileges and without user interaction...
CVE-2026-0098
Technical details (affected products, versions, exploit specifics, or mitigations) are not publicly available in the provided documents. Monitor for updates and rely on official advisories when they are published.
CVE-2026-0106
The CVE-2026-0106 issue affects the VPU driver, specifically the vpu_mmap function in vpu_ioctl, where a missing bounds check can allow arbitrary address mappings. This enables local privilege escalation with no extra execution privileges and does not require user interaction. Multiple sources (N...
CVE-2023-33918
The CVE-2023-33918 entry concerns vowifiservice with a missing permission check that can lead to local information disclosure without requiring additional execution privileges. Affected component: vowifiservice; vulnerability type: information disclosure due to inadequate authorization. Impact de...
CVE-2023-38466
The CVE-2023-38466 entry describes a vulnerability in the ims service of UNISOC chipsets where a missing permission check could allow local information disclosure without requiring additional privileges. The issue is documented across multiple feeds (NVD/Red Hat/CVE/CNNVD) with the same core desc...
CVE-2023-42676
CVE-2023-42676 affects the imsservice in UNISOC chipsets, where a missing permission check enables local information disclosure by writing permission usage records. The vulnerability is described with LOCAL attack vector, low privileges required, and high confidentiality impact (CVSS v3.1: 5.5, M...
CVE-2023-42683
CVE-2023-42683 affects the gsp driver in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds read. The consequence stated in sources is local denial of service with SYSTEM-level privileges required. Connected documents corroborate the issue in the gsp driver across mul...
CVE-2023-42694
CVE-2023-42694 concerns the wifi service on UNISOC chipsets, with a reported missing permission check in the wifi service. The cited impact is local escalation of privilege requiring no additional execution privileges, and the CVSSv3.1 base metrics indicate a HIGH severity (AV:L/AC:L/PR:L/UI:N/S:...