8153 matches found
CVE-2025-32331
CVE-2025-32331 involves a logic error in showDismissibleKeyguard within KeyguardService.java that could allow bypassing app pinning, enabling local escalation of privilege without user interaction. The connected sources consistently describe a local-privilege-elevation scenario tied to KeyguardSe...
CVE-2025-32345
The CVE-2025-32345 issue affects Android’s ContentProtectionTogglePreferenceController.java (updateState), where a logic error allows a secondary user to disable the primary user’s deceptive app scanning setting. This enables local privilege escalation with no additional privileges or user intera...
CVE-2025-32346
CVE-2025-32346 pertains to VoicemailSettingsActivity.java in Android, where a confused deputy allows disclosure of work profile contact numbers, enabling local escalation of privilege with no additional privileges and no user interaction required. The connected documents reiterate the same root c...
CVE-2025-36905
CVE-2025-36905 describes a vulnerability in gxp_mapping_create within gxp_mapping.c, caused by a logic error that enables local privilege escalation with no additional privileges or user interaction required. Exploitation details are not provided in the connected documents. The Pixel bulletin ent...
CVE-2025-48541
CVE-2025-48541 : In the Android code path, the bug occurs in the onCreate of FaceSettings.java, where improper input validation can remove biometric unlock across user profiles. This enables local escalation of privilege with no additional execution privileges required, and exploitation does not ...
CVE-2025-48565
The CVE-2025-48565 entry describes a logic error in Android’s cross-profile intent filtering, enabling local escalation of privilege without extra execution privileges or user interaction. Affected component is the Framework/IntentResolver logic in multiple Android locations, with exploitation de...
CVE-2025-48573
The CVE-2025-48573 entry describes a local elevation-of-privilege in Android's MediaSessionRecord.java via a path in sendCommand that could allow launching a foreground service while the app is backgrounded (FGS while-in-use abuse). The issue enables privilege escalation without extra execution p...
CVE-2025-48602
CVE-2025-48602 describes a logic error in Android’s KeyguardViewMediator.java (exitKeyguardAndFinishSurfaceBehindRemoteAnimation) that can cause a lockscreen bypass, enabling local escalation of privilege without additional execution privileges or user interaction. Affected software is the Androi...
CVE-2026-0010
CVE-2026-0010 involves the IDrmManagerService.cpp onTransact function, where a missing bounds check allows an out-of-bounds write that could enable local escalation of privileges without user interaction. The vulnerability is reported across multiple feeds (Android-related CVE entry, Red Hat, CIR...
CVE-2026-0024
The CVE-2026-0024 issue is in Android’s MediaProvider.java (isRedactionNeededForOpenViaContentResolver). A missing permission check could reveal the location of media, causing local information disclosure with no extra privileges and without user interaction. The connected sources (NVD, Red Hat, ...
CVE-2026-0100
CVE-2026-0100 : The description across NVD, OSV, and vuln enrichment indicates a vulnerability in the Load path of LoadedArsc.cpp causing an out-of-bounds write via a heap buffer overflow. This can enable local privilege escalation with no extra execution privileges required; exploitation is poss...
CVE-2023-38438
CVE-2023-38438 affects vowifiservice. The issue is a missing permission check in vowifiservice that can lead to local information disclosure without additional execution privileges. According to NVD metrics, the attack is local with low privileges required, and can disclose high-confidentiality d...
CVE-2023-38450
CVE-2023-38450 concerns the vowifiservice with a missing permission check that can allow local escalation of privilege. Vulnerable component: vowifiservice; root cause: inadequate permission validation. Impact per sources: local privilege escalation with high impact; exploitation context: local a...
CVE-2023-42674
CVE-2023-42674 affects the IMS service (imsservice) in UNISOC chipsets. The vulnerability arises from a missing permission check that permits writing permission usage records for an app, enabling local information disclosure without requiring additional execution privileges. Multiple sources corr...
CVE-2023-42680
The CVE-2023-42680 entry concerns a vulnerability in the GPU driver where a missing bounds check enables an out-of-bounds read, potentially causing local denial of service with SYSTEM privileges. The available documents consistently describe the issue as a GPU driver boundary-check failure and it...
CVE-2023-42720
CVE-2023-42720 affects the video service in UNISOC chipsets. The root cause is a missing bounds check leading to an out-of-bounds read, which could enable local denial of service with no additional privileges. The CVSS 3.1 base score is 5.5 (Medium) with local attack vector and no user interactio...
CVE-2024-49714
CVE-2024-49714 is an elevation-of-privilege vulnerability in the AVRCP vendor message path: in avrc_vendor_msg within avrc_opt.cc, a heap-buffer overflow can cause an out-of-bounds write. This enables local escalation on a paired device without extra privileges or user interaction. Exploitation i...
CVE-2025-0089
CVE-2025-0089 affects the Android Launcher application and is described as a logic error that can enable local escalation of privilege without user interaction. The issue is listed in the Android security bulletin with high severity (EoP) for Framework and related components, and patch levels 202...
CVE-2025-22424
CVE-2025-22424 is described across multiple sources as an Android vulnerability arising from improper input validation that can cause images to be revealed across users, enabling local privilege escalation with no extra execution privileges. The NVD entry assigns a CVSS v3.1 base score of 7.8 (Hi...
CVE-2025-32347
CVE-2025-32347 affects the Android BiometricEnrollIntroduction.java onStart path, where an unsafe PendingIntent can disclose the device’s location, enabling local privilege elevation with no extra privileges. Exploitation requires user interaction. Root cause: unsafe PendingIntent leading to info...
CVE-2025-36898
CVE-2025-36898 is a local elevation-of-privilege vulnerability affecting Google Pixel devices, tied to a logic error in the Pixel Sim Lock component. Exploitation requires local access; no user interaction is needed. The CVSS v3.1 score is 7.8 (High) with exploitation described as LOCAL, LOW comp...
CVE-2025-36902
In CVE-2025-36902, the vulnerable component is syna_tcm2_sysfs.c, specifically the syna_cdev_ioctl_store_pid() function. It reports a heap buffer overflow causing an out-of-bounds write, which could enable local escalation of privilege with System execution privileges required. Exploitation requi...
CVE-2025-48531
CVE-2025-48531 affects CredentialStorage in Android. A logic error in getCallingPackageName enables a permission bypass, leading to local escalation of privilege with no extra execution privileges or user interaction required. Connected sources confirm the issue but do not provide specific exploi...
CVE-2025-48532
Affected software: Android MediaProvider.java (markMediaAsFavorite).Root cause: a confused deputy flaw allows bypassing the WRITE_EXTERNAL_STORAGE permission, enabling local elevation of privilege.Impact: elevates privileges locally with high confidentiality, integrity and availability implicatio...
CVE-2025-48534
CVE-2025-48534 affects Android’s CellBroadcast handling code. In getDefaultCBRPackageName of CellBroadcastHandler.java, a logic error may allow privilege escalation, yielding local denial of service with System execution privileges and no user interaction required. Current connected sources confi...
CVE-2025-48561
Technical details about CVE-2025-48561 are not provided in the connected documents. Monitor for updates.
CVE-2025-48645
CVE-2025-48645 concerns Google Android. The vulnerability arises from an improper input validation in the Android framework’s DeviceAdminInfo.loadDescription, allowing a malicious local attacker to achieve local elevation of privilege without user interaction. The impact is described as persisten...
CVE-2026-0009
CVE-2026-0009 affects Google Android. The issue is described as a logic error in multiple locations enabling tapjacking that could lead to local privilege escalation with no user interaction required. CVSS v3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8 (HIGH). Connected sources ...
CVE-2026-0014
CVE-2026-0014 affects AppOpsService.java (method isPackageNullOrSystem) and describes a possible persistent denial of service due to improper input validation. The issue enables local DoS without user interaction or privileges, as indicated in multiple sources. Exploitation status and specific ex...
CVE-2026-0046
Technical details are not publicly available in the provided connected documents beyond the general CVE-2026-0046 description (InputInterceptor/Letterbox.java, tapjacking/overlay scenario). Monitor for updates.
CVE-2026-0056
CVE-2026-0056 describes a read out of bounds in setTo of ResourceTypes.cpp, leading to local information disclosure without extra privileges. The issue is labeled as a low-severity, local vulnerability with no user interaction required. Concrete technical details beyond the affected file (Resourc...
CVE-2026-0070
CVE-2026-0070 affects Android’s DevicePolicyManagerService.java, where improper input validation can enable hiding a system critical package, causing a local denial of service without extra privileges. The available documents consistently describe the issue as a local DoS through the described co...
CVE-2026-0074
CVE-2026-0074 describes a potential denial of service via the getPreferredSize path in LauncherProcessImageListener.kt, where a resource exhaustion condition could be triggered locally. The available documents consistently report a DoS risk requiring local access, with no user interaction needed....
CVE-2026-0085
CVE-2026-0085 relates to a vulnerability in the DataRowHandler.java function applySimpleFieldMaxSize , where improper input validation could allow inserting an unusually large contact name. The result is a local Denial of Service with no extra privileges and no user interaction required. Document...
CVE-2026-0099
Technical details about CVE-2026-0099 are not publicly available in the provided connected documents. Monitor for updates from official sources; no further specifics (affected products, root cause, impact, or fixes) are disclosed here.
CVE-2026-0150
CVE-2026-0150 affects EdgeTPU firmware, specifically the ExecuteGraph command handler. The issue is a possible out-of-bounds write caused by an integer overflow, enabling local escalation of privilege with root privileges required. Exploitation does not require user interaction. The available con...
CVE-2023-38452
Technical details (affected components, versions, exploit scenarios, patches) are not publicly provided in the connected documents. Monitor sources for updates.
CVE-2023-42688
The CVE-2023-42688 issue is described across connected sources as a missing permission check in the wifi service, enabling local privilege escalation with no extra privileges. This aligns with the Red Hat/NVD/CNNVD entries and the UNISOC/CNNVD narratives, showing a local-privilege-elevation impac...
CVE-2023-42734
The CVE-2023-42734 entry describes a vulnerability in the telephony service where a missing permission check can lead to local information disclosure without requiring additional execution privileges. Affected component: telephony service (platform-level). Root cause: insufficient access control ...
CVE-2025-26464
CVE-2025-26464 is an elevation-of-privilege issue in Android tied to AppSearchManagerService.java (executeAppFunction). The described logic error could cause a background activity to launch, enabling local privilege escalation without user interaction. Documents consistently refer to this vulnera...
CVE-2025-32327
CVE-2025-32327 affects Google Android via SQL injection in multiple functions of PickerDbFacade.java, enabling unauthorized data access and local elevation of privilege with no user interaction. Impact and exploit details are stated in multiple sources (NVD, Red Hat, CNVD, OSV). Root cause is an ...
CVE-2025-36890
CVE-2025-36890 is a WLAN Elevation of Privilege issue affecting Google Pixel devices. The public details indicate a root cause in the BCM WiFi driver: an out‑of‑bounds/write issue when handling firmware messages, specifically when wl_notify_scan_status is invoked in response to the WLC_E_SCAN_COM...
CVE-2025-36896
CVE-2025-36896 affects WLAN on Google Pixel devices running Android prior to the 2025-09-05 patch level. The issue is an elevation of privilege in the WLAN component; CVSS 3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction required. The Pixel security bulletin groups th...
CVE-2025-36903
CVE-2025-36903 affects the lwis_io_buffer_write path (lwis) with an out-of-bounds read/write caused by insufficient input validation. The issue enables local elevation of privilege without extra execution privileges or user interaction (per the CVE description and corroborating sources). Public r...
CVE-2025-48523
CVE-2025-48523 targets Android: the issue occurs in onCreate of SelectAccountActivity.java and allows adding contacts without the required permission due to a logic error. This enables local escalation of privilege with no additional execution privileges and without user interaction. Impact is de...
CVE-2025-48542
CVE-2025-48542 is an Android vulnerability affecting AccountManagerService.java, causing a possible permanent denial of service due to resource exhaustion. Exploitation is local, requires no additional privileges, and does not require user interaction. Multiple connected sources corroborate the i...
CVE-2025-48587
CVE-2025-48587 is linked to Google Android and involves multiple functions in ProfilingService.java where improper input validation can cause a persistent local denial of service without user interaction or extra privileges. The condition is confirmed across CVE/NVD entries and mirrored in relate...
CVE-2026-0050
Technical details are not publicly available in the provided documents for CVE-2026-0050. Monitor for updates from official advisories.
CVE-2026-0142
CVE-2026-0142 affects the AVB component (iavb_parse_key_data in avb_rsa.c). The root cause is an out-of-bounds read due to improper input validation, leading to local information disclosure without extra privileges or user interaction. Connected documents confirm the same description across multi...
CVE-2026-28580
Technical details about CVE-2026-28580 (affected products, vulnerable components, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates in the connected feeds (NVD, EUVD, OSV) for confirmation and patches.