8153 matches found
CVE-2025-48575
Technical details (affected product, versions, root cause, fix) are not publicly provided in the supplied documents. Monitor updates from Android security bulletins and vendor advisories for concrete remediation guidance.
CVE-2025-48601
Technical details (affected products, exact root cause, and fixes) are not publicly disclosed in the provided documents. Monitor for updates from the listed sources.
CVE-2025-48612
CVE-2025-48612 affects Android work-profile contexts where an app can alter the main user's NFC payment default due to improper input validation at multiple locations. The root cause is input validation issues that enable a local escalation of privilege without additional execution privileges or ...
CVE-2025-48618
CVE-2025-48618 is an Android framework elevation-of-privilege vulnerability. In CommandParamsFactory.java, processLaunchBrowser could allow a browser interaction from the lockscreen due to improper locking, enabling physical escalation of privilege without user interaction. Impact is described as...
CVE-2025-48622
CVE-2025-48622 affects the Android/OpenCV-related code path in the dng_misc_opcodes.cpp file, within the ProcessArea, where a buffer overflow can cause an out-of-bounds read. This leads to local information disclosure without requiring user interaction or elevated privileges. The available connec...
CVE-2025-48642
The CVE-2025-48642 issue is described as a logic error in the Android payload.rs file’s jump_to_payload function that enables local information disclosure without requiring user interaction. Documented impact is information disclosure with local access; confidentiality is affected while no integr...
CVE-2025-61609
CVE-2025-61609 affects Unisoc modem components. The connected documents describe a vulnerability caused by improper input validation in the modem, which can cause a system crash and remote denial of service without requiring privileges. The impact is a DoS condition via network access, with no ex...
CVE-2026-0039
CVE-2026-0039 describes a persistent DoS via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. Affected: GrapheneOS (prior to 2026030200) and likely other components cited in NVD/NVD-derived feeds. Exploitation would be remote, with no user interaction required, and could i...
CVE-2026-0146
CVE-2026-0146 affects the Exynos MFC component referenced in Pixel security bulletins. The issue is a possible out-of-bounds write in mfc_core_get_dec_metadata_sei_nal (within mfc_core_reg_api.c) caused by a missing bounds check, which could allow remote code execution with no privileges and no u...
CVE-2026-0156
CVE-2026-0156 describes a memory safety issue in checkSsrcCollisionOnRcv of RtpSession.cpp caused by a missing null check. This could allow remote denial of service without additional execution privileges, and exploitation does not require user interaction. The information appears consistently in...
CVE-2026-0157
Summary of findings (CVE-2026-0157): The available documents consistently describe an out-of-bounds read in RtcpHeader::decodeRtcpHeader, caused by a missing bounds check. This leads to remote information disclosure without requiring user interaction; exploitation can occur over the network. The ...
CVE-2026-20415
CVE-2026-20415 affects imgsys with memory corruption due to improper locking. The issue can lead to a local denial of service if an attacker already has System privileges; exploitation requires no user interaction. The publicly cited information does not specify exploit vectors beyond the local a...
CVE-2025-20779
Summary: CVE-2025-20779 describes a use-after-free vulnerability in display handling caused by a race condition, leading to local escalation of privilege if an attacker already has System privileges. The issue is exploitable without user interaction and is categorized with a local attack vector. ...
CVE-2025-20780
CVE-2025-20780 describes a memory corruption use-after-free in display code that can enable local privilege escalation for an attacker already with System privileges; exploitation does not require user interaction. Affected entity is MediaTek chipsets’ display subsystem (root cause: use-after-fre...
CVE-2025-20784
CVE-2025-20784 affects MediaTek chipsets in the display component, where a memory corruption due to uninitialized data could allow local escalation to System privileges. Exploitation does not require user interaction. The issue is mitigated by patch ALPS10182882 (MSV-4683). The available connecte...
CVE-2025-20797
CVE-2025-20797 describes an out-of-bounds write in the battery component due to a missing bounds check. The issue can enable local privilege escalation to System level without user interaction. Affected context across multiple advisories/feeds references the same root cause and patch: ALPS1031581...
CVE-2025-32319
CVE-2025-32319 affects the Android Framework, specifically the ensureBound path in RemotePrintService.java. The issue permits a background app to bypass foreground permissions, enabling local elevation of privilege with user-execution privileges required yet no user interaction needed for exploit...
CVE-2025-48611
Summary of CVE-2025-48611 : The vulnerability is in the DeviceId.java code path (DeviceId class) where a missing bounds check can cause a desync in persistence, enabling local elevation of privilege without extra execution privileges or user interaction. This is consistently described across mult...
CVE-2025-48632
In setDisplayName of AssociationRequest.java, there is a potential vulnerability where CDM associations can persist after user disassociation due to improper input validation. This could enable local privilege escalation with no additional privileges and without user interaction. The CVE-2025-486...
CVE-2025-48634
The CVE-2025-48634 entry involves Android’s WindowManagerService relayoutWindow where a missing permission check enables a local elevation-of-privilege (EoP) attack. The vulnerability can be exploited with no user interaction and does not require additional execution privileges. Connected documen...
CVE-2025-48637
CVE-2025-48637 affects the Android/Linux kernel code path mem_protect.c, where an integer overflow can cause an out-of-bounds write. This leads to local escalation of privilege with no additional execution privileges required and no user interaction needed. Multiple connected sources (Red Hat CVE...
CVE-2025-48638
CVE-2025-48638 affects Google Android’s pKVM (protected Kernel-based Virtual Machine) in the kernel, specifically in __pkvm_load_tracing within trace.c. The flaw is an out-of-bounds write caused by improper input validation, enabling local escalation of privilege with no additional execution priv...
CVE-2026-0136
CVE-2026-0136 affects the Modem component, where a missing bounds check allows an out-of-bounds read. This can lead to remote denial of service without user interaction and with no additional execution privileges required. Public references consistently describe it as a DoS condition impacting Mo...
CVE-2026-0149
CVE-2026-0149 describes a heap-based OOB write in RtpSession::rtpSendRtcpPacket that can lead to remote code execution with no extra privileges or user interaction. Affected component mentioned in Android Pixel bulletin is libpixelimsmedia. Connected sources (NVD/OSV) corroborate the same vulnera...
CVE-2026-20425
CVE-2026-20425 describes a local escalation-of-privilege due to a missing bounds check that allows an out-of-bounds write in display logic. Exploitation requires no user interaction and would grant System-level privileges to a sufficiently privileged attacker. The reports consistently cite the sa...
CVE-2026-20426
CVE-2026-20426 describes a local privilege escalation via an out-of-bounds write caused by a missing bounds check in display handling. The vulnerability could allow a user with System privileges to escalate, with exploitation not requiring user interaction (local access). A patch is available: AL...
CVE-2026-20429
CVE-2026-20429 describes a local out-of-bounds read caused by a missing bounds check in the display path, potentially enabling local information disclosure when an attacker already has System privileges. All sources (NVD/Red Hat/OSV, etc.) consistently state: no user interaction is required and t...
CVE-2026-28576
In Android, the Contacts Provider is affected by CVE-2026-28576, caused by a SQL injection in the contacts database access path. This allows local information disclosure without extra execution privileges and without user interaction. The issue is described across CVE entries and ENISA/Android re...
CVE-2025-11131
The CVE-2025-11131 issue resides in the UNISOC nr modem. The root cause is improper input validation in the modem path, which can cause a system crash and allow remote denial of service without extra privileges. The vulnerability is network-exploitable and does not require user interaction. Publi...
CVE-2025-11132
CVE-2025-11132 affects the Unisoc nr modem. The issue is a flaw from improper input validation in the modem stack, which can cause a system crash and remote denial of service without requiring privileges. In the available connected documents, concrete exploit details for this CVE are not provided...
CVE-2025-20706
CVE-2025-20706 affects the mbrain component, where a use-after-free memory corruption issue could enable local privilege escalation if an attacker has System privileges. The vulnerability requires no user interaction. A patch is referenced (ALPS09924624; MSV-3826). Connected sources confirm the i...
CVE-2025-20747
CVE-2025-20747 describes an out-of-bounds write in the gnss service caused by an incorrect bounds check. The issue could allow a local attacker with System privileges to escalate privileges, with no user interaction required. A patch is available (Patch ID: ALPS10010443; MSV-3966). Documented ref...
CVE-2025-20766
Summary: CVE-2025-20766 refers to a memory corruption issue caused by improper input validation in MediaTek chipsets. The vulnerability could enable local escalation of privilege to SYSTEM without user interaction, as indicated by a high-severity CVSS v3.1 base score (7.8) with LOCAL attack vecto...
CVE-2025-20767
CVE-2025-20767 affects MediaTek chipsets. The issue is an out-of-bounds write caused by an integer overflow in display handling, enabling local escalation of privilege if the attacker already has System-level privileges. Exploitation details are not provided in the documents; no user interaction ...
CVE-2025-20802
In geniezone, a memory corruption vulnerability exists due to a use-after-free condition that could lead to local elevation of privilege if an attacker already has System privileges. No user interaction is required. A patch is available: ALPS10238968 (MSV-4914). This CVE references multiple sourc...
CVE-2025-22420
CVE-2025-22420 is a local elevation-of-privilege vulnerability in the Android Framework that could allow leaking audio files across user profiles due to a confused deputy. Exploitation is described as requiring no user interaction and being locally executable. The Android security bulletin and Re...
CVE-2025-36916
CVE-2025-36916 affects code path in PrepareWorkloadBuffers of gxp_main_actor.cc, where a race condition can cause a double fetch. This permits local escalation of privilege with no extra execution privileges and no user interaction needed; exploitation is local. Connected documents corroborate th...
CVE-2025-36918
CVE-2025-36918 describes an out-of-bounds read in the function aoc_service_read_message within aoc_ipc_core.c , leading to a possible local escalation of privilege with System privileges required. The prerequisite is local access; no user interaction is needed. Connected sources consistently refe...
CVE-2025-36921
CVE-2025-36921 affects Google Pixel devices via ProtocolPsUnthrottleApn() in protocolpsadapter.cpp, where a missing bounds check enables an out-of-bounds read that can lead to local information disclosure and requires baseband firmware compromise. The exploitation is reported as possible without ...
CVE-2025-36931
CVE-2025-36931: Out-of-bounds write in GetHostAddress of gxp_buffer.h allows local privilege escalation without user interaction. Documented in multiple sources (e.g., Android Pixel bulletin) as a local issue related to Pixel devices; patch guidance indicates updating to the December 2025 patch l...
CVE-2025-48594
Technical details for CVE-2025-48594 are not publicly available in the provided documents. No specifics on affected products, versions, root cause, or fixes are disclosed here. Monitor for updates from connected sources.
CVE-2025-48603
Technical details are not publicly available in the provided documents for CVE-2025-48603; monitor for updates as more data may be published by vendors and trackers.
CVE-2025-48604
Technical details for CVE-2025-48604 are not publicly provided in the connected documents. Monitoring for updates is advised as more specifics (affected products, versions, and fixes) may be released.
CVE-2025-48625
CVE-2025-48625 is a local privilege-escalation issue affecting Android (noted in the Android 16 QPR2 bulletin). The vulnerability arises from race conditions in UsbDataAdvancedProtectionHook.java, allowing access to USB data when the screen is off, with no user interaction required. Impact is des...
CVE-2025-71254
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-0007
Consolidated sources describe CVE-2026-0007 as a vulnerability in WindowInfo.cpp, writeToParcel, enabling a tapjacking/overlay attack that could grant permissions and allow local elevation of privilege without additional execution privileges. Exploitation details are not provided in the Initial d...
CVE-2026-0042
CVE-2026-0042 describes a persistent denial-of-service risk in multiple functions of ubsan_throwing_runtime.cpp due to resource exhaustion. The issue enables local denial of service without elevation of privileges and does not require user interaction. The affected context is the UBSan throwing r...
CVE-2026-0064
CVE-2026-0064 is identified as a DoS vulnerability affecting Android Framework in Android 17 release notes. The issue describes a persistent denial of service due to resource exhaustion that can lead to local denial of service without user interaction. The NVD entry lists a base score of 5.5 (MED...
CVE-2026-0068
In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...
CVE-2026-0082
CVE-2026-0082 affects the Android framework: in NfcDispatcher.java’s tryStartActivity there is an insecure default value that can automatically assign a special app access permission. This leads to local elevation of privilege with no extra execution privileges required and no user interaction ne...