8153 matches found
CVE-2026-0030
CVE-2026-0030 affects Android kernel code, specifically the function __host_check_page_state_range in mem_protect.c. The issue is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation without user interaction. Public descriptions across NVD, Red Hat, NCSC...
CVE-2026-0107
The CVE-2026-0107 issue lies in the function gmc_ddr_handle_mba_mr_req within gmc_mba_ddr.c, causing a possible local privilege escalation due to a confused deputy. No user interaction is required, and the vulnerability can be exploited locally with no additional privileges. The description is co...
CVE-2026-0137
CVE-2026-0137 affects the EdgeTPU kernel driver. The root cause is a use-after-free in the function edgetpu_sync_fence_group_shutdown() within edgetpu-dmabuf.c, which can enable a local elevation of privilege. The impact is local escalation to System execution privileges, with no user interaction...
CVE-2026-0144
The CVE-2026-0144 issue is described as a memory safety flaw in writeAocCommand of AocAudioCodec.cpp caused by a missing bounds check, potentially enabling remote denial of service without user interaction. Exploitation details, affected products/versions, and remediation are not provided in the ...
CVE-2026-0148
The connected sources confirm a concrete issue in VideoRtpPayloadDecoderNode.cpp: an integer overflow can cause an out-of-bounds write, enabling remote code execution without extra privileges or user interaction. Affected component is VideoRtpPayloadDecoderNode.cpp (multiple functions). The CVE e...
CVE-2026-20417
CVE-2026-20417 concerns the PCIe subsystem where a missing bounds check enables an out-of-bounds write, potentially allowing local escalation of privilege if the attacker already has System privileges. Exploitation is described as local with no user interaction required; CVSS v3.1 vector shows lo...
CVE-2026-20439
Summary (CVE-2026-20439): In imgsys, a use-after-free condition can cause a system crash, enabling local denial of service when an attacker already has System privileges. No user interaction is required. Public technical details are limited in the provided documents; the likely impact is local Do...
CVE-2026-28575
CVE-2026-28575 affects the Android framework in PackageInstaller.Session.transfer (frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java). The issue is described as a logic error causing memory exhaustion that can lead to a local denial of service without requiring...
CVE-2025-20743
The CVE-2025-20743 entry concerns the clkdbg component, where a use-after-free condition can lead to local privilege escalation if an attacker already has System privileges. The vulnerability does not require user interaction and has a local attack vector with low complexity. The patch reference ...
CVE-2025-20764
CVE-2025-20764 affects the MediaTek “smi” component, where a missing bounds check allows an out-of-bounds write. This can enable local escalation of privilege for an attacker who already has System privileges, with no user interaction required. The issue is associated with patch ALPS10259774 (Iss...
CVE-2025-20773
The CVE-2025-20773 entry describes a memory corruption via use-after-free in the MediaTek chipsets display path, enabling local escalation of privilege for an attacker already with System privileges. No user interaction is required. The vulnerability impact is described as high for confidentialit...
CVE-2025-20801
In seninf, a race condition can cause memory corruption leading to local privilege escalation when a user already has System privileges. No user interaction is required. A patch is available (Patch ID: ALPS10251210; Issue ID: MSV-4926). The issue is documented across multiple feeds (NVD, Red Hat,...
CVE-2025-20804
CVE-2025-20804 : The description indicates a memory corruption via a use-after-free in the dpe component, enabling local escalation of privilege to System level with user interaction required for exploitation. The entry notes a Patch ID ALPS10198951 and Issue ID MSV-4503. Public references across...
CVE-2025-48525
Summary: CVE-2025-48525 affects the Android Framework (DisassociationProcessor.java). It describes an input validation issue allowing an app to continue reading notifications when not associated to a companion device, enabling local elevation of privilege with no extra privileges and no user inte...
CVE-2025-48536
CVE-2025-48536 affects Android’s SettingsSliceProvider.java, specifically grantAllowlistedPackagePermissions. A third-party app could abuse a “confused deputy” flaw to modify secure settings, enabling local elevation of privilege with no extra execution privileges and no user interaction required...
CVE-2025-48566
CVE-2025-48566 is reported in multiple sources (Android bulletin and Red Hat) as a local elevation-of-privilege vulnerability in Android Framework related to bypassing user profile boundaries via a forwarded Intent, caused by improper input validation. The issue affects Android Framework componen...
CVE-2025-48598
Technical details (affected products, vulnerable components, fixes) are not provided in the connected documents. Monitor for updates from vendors (Android, Red Hat, ENISA OSV) for concrete impact, affected products, and patches.
CVE-2025-71253
CVE-2025-71253 concerns Modem IMS with an input validation flaw that can allow remote denial of service without extra privileges. The issue is described as improper input validation in Modem IMS, leading to availability impact (high) per CVSS vector: Network access, no user interaction, low attac...
CVE-2026-0019
CVE-2026-0019 affects SettingsLib and enables a logic-error path that could disable system components, enabling local privilege escalation without extra privileges or user interaction. The issue is classified as Elevation of Privilege (High) in Android 17 release notes; patches are included in An...
CVE-2026-0111
CVE-2026-0111 affects the function ns_GetUserData in ns_SmscbUtilities.c, where an incorrect bounds check can cause an out-of-bounds write. This vulnerability could enable remote escalation of privilege without user interaction. Connected documents (Red Hat CVE entry, NVD/NVD-based summaries, EUV...
CVE-2026-0114
CVE-2026-0114 affects the Modem component, with an out-of-bounds write caused by an incorrect bounds check that could lead to remote code execution without user interaction or privileges. The description across Red Hat, NVD, EUVD, Android Pixel bulletin, and OSV entries consistently references th...
CVE-2026-0128
CVE-2026-0128 affects code in RtcpFbPacket::decodeRtcpFbPacket, where an integer overflow can trigger an out-of-bounds read. This could lead to remote information disclosure without extra privileges. Exploitation requires user interaction. The connected documents consistently describe the same is...
CVE-2026-0138
The CVE-2026-0138 issue affects the function lwis_io_buffer_write in lwis_io_buffer.c, described across multiple sources (NVD, ENISA EUVD, CVE listings, OSV) as a possible out-of-bounds write caused by memory corruption. Impact is local elevation of privilege requiring system execution privileges...
CVE-2026-0155
CVE-2026-0155 describes an OOB read in ImsMediaBitReader::ReadByteBuffer caused by a missing bounds check. This leads to remote information disclosure without additional execution privileges and requires no user interaction. The CVSS 3.1 vector indicates Network access with low attack complexity ...
CVE-2026-20416
The CVE-2026-20416 entry concerns an out-of-bounds write in pcie caused by a missing bounds check, enabling local privilege escalation to System level without user interaction. Affected scope includes MediaTek-based PCIe components (as reflected across NVD/Red Hat OSV, CVE lists, and PT-security ...
CVE-2026-20428
CVE-2026-20428 describes a local out-of-bounds write caused by a missing bounds check in display logic, enabling local privilege escalation to SYSTEM without user interaction. The issue is documented with a patch identifier ALPS10320471 (Issue MSV-5536). Connected sources corroborate the same des...
CVE-2026-20438
CVE-2026-20438 affects MAE with a race-condition out-of-bounds write that can cause local privilege escalation without user interaction. The issue requires the System privilege to exploit and is associated with Patch ID ALPS10431920 and Issue MSV-5835. Red Hat and other feeds corroborate the same...
CVE-2026-20440
CVE-2026-20440 concerns MediaTek MAE (MediaTek chipsets). The flaw is an out-of-bounds write caused by a missing bounds check in MAE, enabling local privilege escalation without user interaction once System privileges are held. Affected component/impact: local escalation of privilege with high co...
CVE-2026-20443
CVE-2026-20443 involves a memory corruption vulnerability caused by a use-after-free in the display path of MediaTek chipsets. This can lead to local escalation of privilege if an attacker already has System-level privileges; exploitation does not require user interaction. The issue is tracked wi...
CVE-2026-28615
CVE-2026-28615 affects Telecomm and is described as a permissions bypass that could allow initiating an unauthorized phone call, leading to local elevation of privilege without any additional execution privileges or user interaction. Technical details across sources confirm the vulnerability is l...
CVE-2025-20722
CVE-2025-20722 affects the gnss driver with an out-of-bounds read caused by an integer overflow. Exploitation would lead to local information disclosure if the attacker already has System privileges; no user interaction is required. A patch (ALPS09920036) is referenced (Issue MSV-3798).
CVE-2025-20749
In MediaTek charger-related CVE-2025-20749, the flaw is an out-of-bounds write caused by a missing bounds check. This can enable local escalation of privilege for an attacker who already has System privileges, with no user interaction required. Affected component is the charger subsystem; the iss...
CVE-2025-20765
CVE-2025-20765 affects the MediaTek/MediaTek-derived environment where the race condition in the aee daemon can cause a system crash leading to local denial of service. Exploitation is described as possible without user interaction, but requires the attacker to already have System privileges. The...
CVE-2025-20771
CVE-2025-20771 relates to a local privilege-escalation in MediaTek chipsets due to improper input validation. A malicious actor already with System privileges could exploit this without user interaction, per multiple feeds. The underlying flaw is in input handling leading to elevation of privileg...
CVE-2025-20778
The CVE-2025-20778 entry describes an out-of-bounds write in the display component that could enable local privilege escalation if the attacker already has System privileges; exploitation does not require user interaction. The issue is tied to a missing bounds check and is documented across multi...
CVE-2025-20796
CVE-2025-20796 affects imgsys with an out-of-bounds write caused by improper input validation. The issue can lead to local privilege escalation if an attacker already has System privileges and must involve user interaction for exploitation. A patch is referenced (ALPS10314745; MSV-5553). CVSS v3....
CVE-2025-20805
CVE-2025-20805 affects dpe with a memory corruption via use-after-free. The issue can lead to local escalation of privilege if an entity already has System privileges, with no user interaction required. Patch ALPS10114696 mitigates this, under MSV-4480. Connected sources (Red Hat, NVD, CVE record...
CVE-2025-36919
CVE-2025-36919: A double-free condition in aocc_read within aoc_channel_dev.c due to improper locking enables local elevation of privilege. Exploitation requires local access (no user interaction). Multiple feeds (NVD/Red Hat/CNVD/CVELIST) reference the same issue with AoC component; Pixel Androi...
CVE-2025-36920
CVE-2025-36920 describes an out-of-bounds write in the kernel component arch/arm64/kvm/hyp/nvhe/alloc.c’s hyp_alloc function caused by insufficient input validation. The vulnerability enables local escalation of privilege without requiring additional execution privileges, and exploitation reporte...
CVE-2025-36924
CVE-2025-36924 describes an out-of-bounds write in ss_DecodeLcsAssistDataReqMsg() within ss_LcsManagement.c due to an incorrect bounds check. The impact is remote escalation of privilege with no additional execution privileges needed and no user interaction required. Connected sources include And...
CVE-2025-48569
CVE-2025-48569 is an Android DoS vulnerability described in multiple sources as a possible permanent denial of service caused by resource exhaustion, exploitable locally without user interaction. The Red Hat, CIRCL, EUVD, NVD and Android bulletin entries concur on the issue, with the Android 16 Q...
CVE-2025-48606
CVE-2025-48606 is a logic-error-based vulnerability in Android’s InstallPackageHelper.java (preparePackage) that can cause an app to appear hidden at install, without an uninstall mechanism, enabling local privilege escalation with no extra execution privileges and no user interaction. It is docu...
CVE-2025-48639
CVE-2025-48639 affects the Android Framework, specifically DefaultTransitionHandler.java, where a tapjacking/overlay flaw can unknowingly grant permissions to an app. This enables local elevation of privilege with user interaction required for exploitation. Public references indicate patch levels...
CVE-2025-48650
CVE-2025-48650 is described in public sources as an information disclosure via SQL injection that can lead to local privilege escalation with no additional execution privileges and no user interaction required. The initial entry does not specify affected products or versions. Connected documents ...
CVE-2025-61607
CVE-2025-61607 affects Unisoc nr modem (Modem component). Root cause: improper input validation causing a system crash, enabling remote denial of service with no privileges required (CVSSv3.1: 7.5, Network, No user interaction). Affected platform notes from multiple sources reference Android patc...
CVE-2026-0092
The CVE-2026-0092 entry is tied to the Android Package Manager and describes a device lock controller bypass caused by a missing permission check. The underlying issue enables local escalation of privilege with no extra execution privileges and requires no user interaction. The impact is describe...
CVE-2026-0122
CVE-2026-0122 is reported in Pixel updates as a Remote Code Execution risk in the Baseband component, caused by an out-of-bounds write/memory corruption. Exploitation is described as requiring no user interaction and could allow remote code execution with high impact. The Pixel Bulletin lists the...
CVE-2026-0131
The CVE-2026-0131 entry affects the code path In RtpPacket::decodePacket, where an integer overflow can cause an out-of-bounds access. This vulnerability could enable local escalation of privilege with no additional execution privileges required, and exploitation requires user interaction. Connec...
CVE-2026-0135
CVE-2026-0135 affects the Modem component, where a missing bounds check can enable an out-of-bounds read. This can lead to remote code execution with no additional privileges required and no user interaction. Several connected sources (NVD, EUVD-ENISA, CVE listings, OSV and PT-Security entries) c...
CVE-2026-0145
CVE-2026-0145 affects Keymint; a logic error allows a permission bypass leading to local information disclosure without extra privileges or user interaction. Exploitation status and fix details are not provided in the supplied documents; several sources list the issue but no patch information is ...