8153 matches found
CVE-2021-0963
CVE-2021-0963 involves a tapjacking/overlay vulnerability in KeyChainActivity.java that could allow an app certificate stored in the Android keychain to be misused, resulting in local elevation of privilege. Public details in the provided documents confirm the issue affects Android versions 9–12 ...
CVE-2021-39661
CVE-2021-39661 affects the PowerVR kernel driver on Android. In the function PMRLogicalOffsetToPhysicalOffset , a missing bounds check can cause an out-of-bounds write, leading to local escalation of privilege with no additional execution privileges or user interaction required. Exploitation stat...
CVE-2022-20119
CVE-2022-20119 affects the Android display/graphics path (mali_gralloc_buffer.h, private_handle_t) where an uninitialized data path allows local information disclosure. The root cause is uninitialized data in the private_handle_t structure, enabling information leakage without extra execution pri...
CVE-2022-20236
CVE-2022-20236 is referenced in the Android Security Bulletin under Unisoc GPU; the affected component is a UNISOC GPU driver. The underlying root cause and specific impact are not detailed in the provided documents. The CVSS from NVD indicates HIGH impact with network attack vector and no user i...
CVE-2022-20386
CVE-2022-20386 is listed in Android security bulletin details as affecting Android with Unisoc components (Unisoc U-1903099*). Severity is High. The connected sources do not provide concrete root-cause, exploit details, affected product versions, or a remediation/patch version. The CVE appears wi...
CVE-2022-32635
CVE-2022-32635 concerns an out-of-bounds write in the gps component, caused by a missing bounds check, which could enable local escalation of privilege with no user interaction needed. Multiple connected sources reference this exact issue (MediaTek ALPS07573237) and reiterate that exploitation wo...
CVE-2022-42755
CVE-2022-42755 describes a missing bounds check in a WLAN driver function, causing local denial-of-service via out-of-bounds access (heap overflow/out-of-bounds write) as per Red Hat, NVD and OSV entries. The affected component is the WLAN driver; root cause is parameter/bounds checking omissions...
CVE-2022-44429
Technical details about CVE-2022-44429 are not publicly provided in the supplied documents. No confirmed affected products, versions, or fixes are listed here. Monitor for official disclosures and vendor advisories.
CVE-2023-20780
The CVE-2023-20780 entry concerns MediaTek/MVK keyinstall: a missing bounds check in the keyinstall module can cause local information disclosure, requiring System privileges with no user interaction. Affected component is the keyinstall path; impact is local information disclosure with potential...
CVE-2023-21101
CVE-2023-21101 concerns a race condition in WVDrmPlugin.cpp that leads to a use-after-free, enabling local escalation of privilege. The vulnerability is described as requiring no user interaction and enabling exploitation locally, with the Android Widevine DRM component implicated. The linked doc...
CVE-2023-21279
CVE-2023-21279 concerns Android’s RemoteViews.visitUris, where a confused deputy could enable cross-user media reads and local information disclosure without extra execution privileges. The vulnerability is discussed across multiple sources tied to the Android security ecosystem (NVD, Red Hat, PR...
CVE-2024-0026
CVE-2024-0026 corresponds to a DoS in Android’s SnoozeHelper.java, causing a persistent denial of service through resource exhaustion. Affected component: Android framework/system code on Google Android. Impact: local DoS with no extra execution privileges and no user interaction required. Source...
CVE-2024-20023
CVE-2024-20023 concerns the MediaTek/flashc component, where an out-of-bounds write can occur due to lack of validation. This could permit local escalation to SYSTEM privileges without user interaction. The issue is documented across several sources (e.g., NVD/Red Hat/NCSC etc.) and is associated...
CVE-2024-23705
CVE-2024-23705 is an Android elevation-of-privilege vulnerability described across multiple feeds. Affected software is Google Android; root cause is improper input validation in multiple locations allowing local escalation of privilege. Exploitation reportedly requires user interaction (per init...
CVE-2024-25988
CVE-2024-25988 describes an out-of-bounds read in the SAEMM_DiscloseGuti path of SAEMM_RadioMessageCodec.c, causing potential remote information disclosure without extra execution privileges. Affected component is related to Google/Pixel modem code; exploitation is described as requiring no user ...
CVE-2024-25991
CVE-2024-25991 affects Google/Pixel devices and relates to the ACPM/TMU component. The root cause is a missing bounds check in the function acpm_tmu_ipc_handler within tmu_plugin.c, leading to a possible out-of-bounds read. Impact is information disclosure localized to the attacker’s host with no...
CVE-2024-27227
CVE-2024-27227 affects Google Pixel devices via the modem component, with remote code execution reported as the impact. The Pixel security bulletin lists this CVE under the Modem subcomponent with a High severity and notes that applying patch level 2024-03-05 or later mitigates issues described i...
CVE-2017-0675
CVE-2017-0675 is a remote code execution vulnerability in the Android media framework affecting Android 6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is described as RCE in the media framework with impact to confidentiality, integrity, and availability. The Android bulletin indicates that the most seve...
CVE-2020-0241
CVE-2020-0241 is a Media Framework issue in Android (NuPlayerStreamListener.cpp) where a double free leads to memory corruption, enabling local privilege escalation with no user interaction. Affected: Android 8.0–10. Root cause: memory-management error in NuPlayerStreamListener. Impact: local ele...
CVE-2020-0385
CVE-2020-0385 affects Android via the Media Framework component, specifically in eas_mdls.c Parse_insh, where an out-of-bounds write could disclose information. Exploitation requires user interaction; impact is information disclosure without remote code execution. Affected Android versions includ...
CVE-2020-0414
CVE-2020-0414 affects Android’s Media Framework (AudioFlinger::RecordThread::threadLoop). A permissions bypass could allow a remote attacker to read a non-silenced audio buffer, leading to information disclosure without extra execution privileges, with exploitation requiring user interaction. Aff...
CVE-2020-0420
CVE-2020-0420 affects Android Framework due to a missing permission check in setUpdatableDriverPath in GpuService.cpp, enabling local EoP with no user interaction. The NVD/NCSC/Red Hat entries confirm a memory-corruption path leading to privilege escalation. The Android Security Bulletin lists th...
CVE-2020-0459
The CVE-2020-0459 issue affects Android’s WifiConfigManager.java (sendConfiguredNetworkChangedBroadcast) and is an information-disclosure flaw caused by a missing permission check. It allows local disclosure of WiFi network names without extra execution privileges, with no user interaction requir...
CVE-2021-0596
CVE-2021-0596 is an out-of-bounds read in the NFC path (phNciNfc_RecvMfResp in phNxpExtns_MifareStd.cpp) caused by a missing bounds check. This allows remote information disclosure over NFC with no extra execution privileges and no user interaction. Affected are Android versions 8.1, 9, 10, and 1...
CVE-2021-0691
CVE-2021-0691 affects Android 11 via an overly-permissive SELinux policy in system_app.te, enabling a local attacker with system execution privileges to gain code execution in other processes. The Red Hat and NVD entries describe a local elevation of privilege vulnerability that does not require ...
CVE-2021-0964
CVE-2021-0964 is an out-of-bounds write in the MP3 decoding path: in C2SoftMP3Dec.cpp, C2SoftMP3::process() a heap buffer overflow can lead to remote information disclosure without extra privileges. Affected Android versions: 9–12. Exploitation requires user interaction. References note this vuln...
CVE-2021-39621
CVE-2021-39621 is an Android elevation-of-privilege vulnerability in the LegacyModeSmsHandler.java’s sendLegacyVoicemailNotification. It relies on an unsafe PendingIntent to bypass permissions, enabling local privilege escalation from Android 9 to 12. The issue does not require user interaction f...
CVE-2021-39659
CVE-2021-39659 affects Google Android (10–12) and concerns the method sortSimPhoneAccountsForEmergency in CreateConnectionProcessor.java. An unhandled exception can block access to emergency calling, potentially causing a local denial of service with user privileges. Exploitation details are not ...
CVE-2021-39724
CVE-2021-39724 is an Android/kernel issue: in TuningProviderBase::GetTuningTreeSet there is an out-of-bounds read due to a missing bounds check. This can enable local information disclosure with system privileges required. The vulnerability affects the Android kernel via tuning_provider_base.cc a...
CVE-2022-20390
Technical details about CVE-2022-20390 are not publicly available in the provided documents. Monitor the Android Bulletin and vendor advisories for updates and fixes.
CVE-2022-44434
CVE-2022-44434 affects a messaging service component and is caused by a missing permission check, enabling local denial of service in the contacts service with no extra privileges required. The vulnerability has a CVSS v3.1 base score of 5.5 (AV:L, AC:L, PR:L, UI:N, S:U, C:N, I:N, A:H), indicatin...
CVE-2023-21086
CVE-2023-21086 concerns a permissions bypass in Android’s NFC runtime: in the isToggleable logic of SecureNfcEnabler.java and SecureNfcPreferenceController.java , an attacker could enable NFC from a secondary/guest account without additional execution privileges or user interaction. Reported as a...
CVE-2023-21248
CVE-2023-21248 affects Android’s WifiScanningMainSwitchPreferenceController.java. The issue is a missing permission check in getAvailabilityStatus, which could bypass a device policy restriction and enable local escalation of privilege without additional execution privileges. Exploitation details...
CVE-2023-35668
The CVE-2023-35668 entry affects Android’s Notification.java visitUris path, where a confused deputy could cause an image display from another user. This is an information-disclosure vulnerability with local impact and no execution privileges required (no user interaction). Connected sources corr...
CVE-2023-40080
CVE-2023-40080 involves the Bluetooth stack in Android (btm_ble_gap.cc) where a logic error can cause an out-of-bounds write, leading to local elevation of privilege without extra execution privileges or user interaction. The issue is categorized with high impact and is described across multiple ...
CVE-2024-31312
CVE-2024-31312 affects Google Android Framework. It describes a local information disclosure due to a missing permission check in multiple locations, allowing access to played media without extra privileges and without user interaction. The issue is listed in the Android Security Bulletin and is ...
CVE-2024-31336
The CVE-2024-31336 entry concerns PVRSRVBridgeRGXKickTA3D2 in server_rgxta3d_bridge.c, affecting the PowerVR-GPU component. The issue is described as an arbitrary code execution caused by improper input validation, enabling local kernel privilege escalation without extra privileges or user intera...
CVE-2024-43077
CVE-2024-43077 : Affects Google Android via the DevmemValidateFlags function in devicemem_server.c. The vulnerability is described as an out-of-bounds write caused by memory corruption, enabling local escalation of privilege with no additional execution privileges and no user interaction required...
CVE-2020-0181
CVE-2020-0181 affects libexif: the DoS is due to an integer overflow in exif_data_load_data_thumbnail within exif-data.c. The Nessus/NVD data describe remote denial of service with network access and no user interaction. Multiple advisories (Unity Linux, MiracleLinux, SUSE, Red Hat) reference thi...
CVE-2020-0243
CVE-2020-0243 is a Media Framework elevation-of-privilege vulnerability in Android. In clearPropValue of MediaAnalyticsItem.cpp, an improper locking leads to a use-after-free that could allow a local attacker to escalate privileges within the media server. Impact is described as local escalation ...
CVE-2020-0400
CVE-2020-0400 affects Android (Android-10/Android-11) in the NotificationMgr.showDataRoamingNotification path. The root cause is an unsafe PendingIntent, enabling a local permission bypass that could disclose data. Exploitation is local with no user interaction required (UI: NONE). The issue is c...
CVE-2021-0314
The CVE-2021-0314 issue affects Android’s UninstallerActivity in the Framework. It describes a tapjacking/overlay-based method to uninstall an app without informed user consent, leading to local elevation of privilege with User execution privileges needed. Affected Android versions include 8.1, 9...
CVE-2021-0437
CVE-2021-0437 is a local elevation-of-privilege issue in Android’s DRM module. The root cause is a possible double free in DrmPlugin.cpp within setPlayPolicy, which could allow a privileged process to escalate privileges without additional execution privileges or user interaction. Affected OS ver...
CVE-2021-0483
CVE-2021-0483 affects Android’s Media Framework via the AAudioService: a race condition can cause a use-after-free, enabling local elevation of privilege with user privileges and no user interaction needed. The issue is documented across multiple feeds (NVD/Red Hat/ CVE lists) with Android 10–11 ...
CVE-2021-39710
CVE-2021-39710 is listed in the Pixel security bulletin as a Telephony-related Elevation of Privilege (EoP) vulnerability in the Android kernel, categorized as High impact. The CVE entry in the bulletin confirms the affected component (Kernel/Telephony) and assigns a High severity for Pixel devic...
CVE-2021-39712
CVE-2021-39712 is an Elevation of Privilege issue in the Android kernel tied to a race-condition leading to a possible user-after-free. The connected Pixel bulletin and related records confirm this vulnerability affects the Android kernel (upstream kernel) and can enable local privilege escalatio...
CVE-2021-39731
CVE-2021-39731 concerns an out-of-bounds write in Android’s ProtocolStkProactiveCommandAdapter::Init (protocolstkadapter.cpp). The vulnerability arises from an incorrect bounds check in the Android kernel component, enabling a local elevation of privilege with System execution privileges, without...
CVE-2021-39736
CVE-2021-39736 affects the Android kernel: in lwis_ioctl.c and lwis_periodic_io.c, an integer overflow can cause an out-of-bounds write, enabling local elevation of privileges with SYSTEM access. Exploitation details are not provided in the documents, and no user interaction is required for explo...
CVE-2022-44432
CVE-2022-44432 describes a vulnerability in the WLAN driver where a missing bounds check could allow a local denial-of-service in WLAN services. The concrete details in the provided documents are limited to this root cause and its local impact; no public exploit information, affected vendor/produ...
CVE-2023-21401
CVE-2023-21401 : Concrete details across connected docs show an out-of-bounds write in the Linux kernel component DevmemIntChangeSparse within devicemem_server.c caused by an integer overflow. This can enable local escalation of privilege with no extra execution privileges or user interaction req...