8153 matches found
CVE-2018-9384
CVE-2018-9384 is documented in the Pixel/Android security context as a kernel‑level issue (Kernel components → Upstream kernel) that could enable bypassing KASLR, potentially allowing local information disclosure with SYSTEM privileges. The description consistently notes a “unusual root cause” an...
CVE-2018-9464
CVE-2018-9464 is an Elevation of Privilege in the Google Android Kernel (Taimen bootloader) identified across multiple trackers. The vulnerability arises from a missing permission check, enabling local access to read protected files and escalate privileges with no additional execution privileges ...
CVE-2020-0226
CVE-2020-0226 affects Android 10 in the Media Framework. The flaw is a type-confusion–induced out-of-bounds write in Client.cpp:createWithSurfaceParent, enabling local escalation of privilege in the graphics server without requiring user interaction. Documents at NVD/Red Hat/CVE listings confirm ...
CVE-2020-0415
CVE-2020-0415 affects Android’s SystemUI: a permission bypass via an unsafe PendingIntent could enable local information disclosure of contacts with user privileges, requiring no user interaction for exploitation. The vulnerability is listed in the 2020-10 Android security bulletin under System a...
CVE-2020-0421
CVE-2020-0421 is an Elevation of Privilege vulnerability in the Android Framework (affecting Android 8.0–11) that could allow a locally malicious app to bypass user interaction requirements and gain additional permissions. The root cause is described as an out-of-bounds write in String8.cpp (appe...
CVE-2020-0468
CVE-2020-0468 affects Android’s TelephonyRegistry.java, where a missing permission check allows a local bypass of location permissions, enabling local information disclosure with no user interaction. Multiple connected sources (NVD entry, Red Hat advisory RH:CVE-2020-0468, OSV listing ASB-A-15848...
CVE-2020-0469
CVE-2020-0469 affects Android 11; the issue is in addEscrowToken within LockSettingsService.java, causing a logic error that may lose the synthetic password and trigger a local denial-of-service without extra privileges or user interaction. Public references in the NVD/RH/OSV entries confirm the ...
CVE-2021-0324
CVE-2021-0324 is associated with Android/Unisoc components in the 2021 May Android bulletin. Sources catalog it under Unisoc Framework with High severity (per patch-level details), affecting Android devices via the Android SoC/Unisoc stack. The connected records do not provide concrete technical ...
CVE-2021-0429
CVE-2021-0429 affects Android and stems from a use-after-free in ALooper.cpp (function pollOnce), causing memory corruption that could enable local escalation of privilege without requiring user interaction. Reported impact notes indicate affected Android versions include Android-9, Android-10, A...
CVE-2021-0508
CVE-2021-0508 describes a race-condition–driven use-after-free in DrmPlugin.cpp. The flaw affects Android 8.1–11 and can enable local escalation of privilege with no additional execution privileges required and without user interaction. The provided sources (NVD/NVD-derived, OSV entry) confirm th...
CVE-2021-0595
The CVE-2021-0595 issue affects Android (Framework) via the RootWindowContainer.lockAllProfileTasks path, enabling local elevation of privilege by accessing the work profile without a PIN after login. Exploitation is local and requires no user interaction. Affected Android versions include 8.1, 9...
CVE-2021-0598
CVE-2021-0598 refers to an Android vulnerability in ConfirmConnectActivity.java where tapping a dialog could allow a tapjacking/overlay attack to pair with untrusted Bluetooth devices, potentially enabling local privilege escalation. Affected products: Android versions 11, 10, 9, and 8.1. Root ca...
CVE-2021-0602
CVE-2021-0602 affects Android 10 and 11 via WifiNetworkDetailsFragment.onCreateOptionsMenu, enabling guest users to view/modify configured APs due to a permissions bypass. This can cause local elevation of privilege with no extra execution privileges or user interaction. Exploitation details are ...
CVE-2021-0872
CVE-2021-0872 affects Imagination Technologies PowerVR kernel driver (PowerVR-GPU) via PVRSRVBridgeRGXKickVRDM. The issue is a missing size check that enables an integer overflow, leading to out-of-bounds heap access and local escalation of privilege with no extra privileges or user interaction r...
CVE-2021-0919
CVE-2021-0919 : Android systems (Android 9–11) are affected by a vulnerability in getService of IServiceManager.cpp, where an integer overflow can trigger an unhandled exception, leading to local denial of service and making the lockscreen unusable. Exploitation requires user interaction, and the...
CVE-2021-0955
CVE-2021-0955 affects Android 11 where the race condition in the function path pf_write_buf within FuseDaemon.cpp can cause memory corruption leading to local elevation of privilege without user interaction. The issue is documented in multiple feeds (NVD/Red Hat/OSV) with the same root cause and ...
CVE-2021-39660
Technical details about CVE-2021-39660 are not provided in the supplied documents. The materials reference an Android kernel race condition with local privilege escalation but no specifics on affected product versions or fixes. Monitor for updates.
CVE-2021-39815
CVE-2021-39815 concerns the PowerVR-GPU driver in Android. Unprivileged apps can allocate pinned memory, unpin it, and continue using the page in GPU calls, allowing kernel memory corruption without privileges. CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H assigns a base score of 9.8 (CRITICAL) wi...
CVE-2022-20108
CVE-2022-20108 concerns a vulnerability in the voice service where an out-of-bounds write occurs due to a stack-based buffer overflow. The consequence is local escalation of privilege to System level, with no user interaction required for exploitation. Public details consistently describe this as...
CVE-2022-20168
Summary: CVE-2022-20168 is listed in the Pixel 2022-06 bulletin as a DoS issue affecting the Modem component in Android devices (Pixel). The underlying document set identifies the issue under the Pixel Security patches with the DoS impact in the Modem area. Affected context (as per provided sourc...
CVE-2022-20237
The CVE-2022-20237 entry affects Android kernel code, specifically the BuildDevIDResponse function in miscdatabuilder.cpp. A missing bounds check can cause an out-of-bounds write, which the provided documents state could enable remote code execution without extra privileges or user interaction. T...
CVE-2022-20435
CVE-2022-20435 is an Android vulnerability described as an unauthorized service in the system service that, due to missing permission checks, can lead to local elevation of privilege and potentially a system reboot. Connected OSV entries (ASB-A-242248367 and ASB-A-242248369) corroborate an unauth...
CVE-2022-32620
CVE-2022-32620 affects MediaTek’s mpu component, caused by a logic error that can cause memory corruption. This may enable local escalation of privilege to System level with no user interaction required. Patch ALPS07541753 (Issue ALPS07541753) is referenced; exploitation status is not detailed in...
CVE-2022-38690
CVE-2022-38690: In the kernel camera driver, a memory corruption can occur due to improper locking, leading to local denial of service. This is described across multiple sources (NVD/OSV-like entries and PRION) and is specifically tied to the camera driver component; no exploitation details or pa...
CVE-2022-42756
CVE-2022-42756 concerns a buffer overflow in the sensor driver caused by a missing bounds check, potentially enabling local denial of service in the kernel. The primary sources (NVD, Red Hat, PRION, cvelist, and Android bulletin) describe the issue consistently as a buffer overflow in the sensor ...
CVE-2022-47461
CVE-2022-47461 affects the telephony stack (com.android.phone) where a missing permission check in the telephone service can enable local elevation of privilege. The CVSS data indicate LOCAL attack vector, requiring HIGH privileges and potentially impacting confidentiality, integrity, and availab...
CVE-2023-21035
The connected Nessus entry (UNPATCHED_CVE_2023_21035.NASL) provides concrete technical details: CVE-2023-21035 affects Android 13 and is linked to BackupHelper.java, where a permissions-bypass could allow an app to access permissions previously granted to another app sharing the same package name...
CVE-2023-21342
CVE-2023-21342 is an Android framework issue in RemoteSpeechRecognitionService that enables launching an activity from the background due to a logic error. This causes local elevation of privilege with no additional privileges or user interaction required. The CVSS vector (LOCAL, LOW attack compl...
CVE-2023-32837
CVE-2023-32837 is a MediaTek JPEG decoding accelerator vulnerability in the mtk_jpeg driver exposed to unprivileged userland on devices like Xiaomi 11T and Asus ROG 6D. The flaw is an out-of-bounds read/write in an array of structs, caused by a race between the JPEG_DEC_IOCTL_HYBRID_START path (w...
CVE-2024-20020
OP-TEE (Trusted Execution Environment) vulnerability CVE-2024-20020 involves an out-of-bounds write caused by an incorrect bounds check. This could enable local information disclosure with System execution privileges required, and no user interaction is needed. The issue is tracked with patch ALP...
CVE-2024-20028
CVE-2024-20028 is a MediaTek-related issue affecting the MediaTek stack’s “da” module, described as an out-of-bounds write due to lack of validation. The vulnerability could enable local escalation of privilege with System execution privileges and does not require user interaction. Affects MediaT...
CVE-2024-23709
CVE-2024-23709 describes a heap-buffer-overflow/out-of-bounds write in multiple locations that can lead to remote information disclosure without additional execution privileges, with user interaction required for exploitation. Connected sources confirm Android’s Android Security Bulletin details:...
CVE-2024-31326
CVE-2024-31326 affects the Android Framework. The issue is a logic error in policy migration code that can lead to local elevation of privilege without extra privileges or user interaction. The Android bulletin notes this as an EoP vulnerability with High severity, and lists updated AOSP versions...
CVE-2024-31332
CVE-2024-31332 affects Google Android Framework components, where a missing permission check allows bypassing restrictions on adding new Wi‑Fi connections. This enables local elevation of privilege with no extra execution privileges and no user interaction. Root cause: permission check gaps in mu...
CVE-2024-34719
CVE-2024-34719 is a local elevation-of-privilege vulnerability in Google Android involving a permissions bypass due to a missing null check. It affects Android Framework components and is rated High for impact (EoP) with local attack vector and no user interaction required. The Red Hat and Androi...
CVE-2024-34742
The CVE-2024-34742 issue affects Google Android, specifically a logic error in shouldWrite within OwnersData.java that can prevent MDM policies from being persisted, potentially causing a local denial of service without extra privileges. The vulnerability is described across multiple sources (NVD...
CVE-2017-0406
CVE-2017-0406 is a remote code execution vulnerability in Android's Mediaserver (libhevc) that can be triggered by processing a specially crafted media file, leading to memory corruption and potential code execution within the Mediaserver process. Reported impact is critical (CVE-2017-0406) with ...
CVE-2020-0247
CVE-2020-0247 affects Android devices via Threshold::getHistogram in ImageProcessHelper.java. A crash loop could cause local denial of service with user interaction required for exploitation; no exploit details are provided. Affected Android versions listed: 8.0, 8.1, and 10. Patching guidance co...
CVE-2020-0248
CVE-2020-0248 is an information-disclosure vulnerability in Android 10 involving the InstantAppNotifier’s postInstantAppNotif path. The root cause is a PendingIntent handling error that enables a local attacker to bypass permissions, leading to local information disclosure without user interactio...
CVE-2020-0249
CVE-2020-0249 is an Android Framework information-disclosure flaw present in postInstantAppNotif of InstantAppNotifier.java, caused by a PendingIntent error that can enable a local attacker to bypass permissions and access local information. Affected Android versions include 8.0, 8.1, 9, and 10. ...
CVE-2020-0376
CVE-2020-0376 has concrete details in connected documents: it is an out-of-bounds read due to a missing bounds check affecting MediaTek components in Android, specifically MTK ISP within Android SoC. The root cause is a missing bounds check leading to a possible local information disclosure; expl...
CVE-2020-0378
CVE-2020-0378 affects Android System (PasspointManager.java: onWnmFrameReceived) with a missing permission check that could lead to local information disclosure of location data. Underlying cause is an insufficient permission check in a code path handling Passpoint/WLAN Frame processing. Document...
CVE-2020-0397
The CVE-2020-0397 entry describes a permission bypass in Android’s CarrierServiceStateTracker.getNotificationBuilder due to an unsafe PendingIntent, enabling local information disclosure with low attack complexity. Affected are Android 8.0–11 variants (Android-8.0, 8.1, 9, 10, 11) per the officia...
CVE-2020-0418
CVE-2020-0418 affects Android 10 and is tied to a logic error in Utils.java (getPermissionInfosForGroup) that can enable local elevation of privilege. The vulnerability, described as a local EoP with high severity in the 2020-11 Android Bulletin, requires local access but not user interaction to ...
CVE-2020-0443
CVE-2020-0443 affects Android via LocaleList.LocaleList.java. The issue is a forced reboot from an uncaught exception, enabling local DoS with no user interaction required. Affected versions include Android 8.0–11; the vulnerability is listed under the 2020-11-01/11-05 patch levels in the Android...
CVE-2021-0390
CVE-2021-0390 is described as a local elevation-of-privilege issue in Android arising from a missing permission check in multiple methods of WifiNetworkSuggestionsManager.java. The flaw could allow a background user on the same device, with no additional execution privileges, to modify the set of...
CVE-2021-0392
CVE-2021-0392 is documented with concrete details in the connected data: Android platform (versions Android-9, Android-10, Android-11) is affected by a memory corruption due to a double free in main.cpp. This vulnerability is categorized as an Elevation of Privilege (local) with the potential to ...
CVE-2021-0444
CVE-2021-0444 affects Android devices (Android-11, Android-8.1, Android-9, Android-10). In QuickContactActivity.java, onActivityResult returns an extra Intent unnecessarily, leading to local information disclosure of contact data without elevated privileges. Exploitation requires user interaction...
CVE-2021-0472
CVE-2021-0472 concerns a local elevation-of-privilege in Android 9–11 due to a permissions bypass in shouldLockKeyguard (LockTaskController.java) that could allow exiting App Pinning without a PIN and without user interaction. The issue is limited to the Framework component and is described as en...
CVE-2021-0574
The vulnerability CVE-2021-0574 affects the asf extractor in Android (MediaTek components) where an out-of-bounds write occurs due to a missing bounds check. This can lead to local elevation of privilege with no user interaction required; exploitation details are not provided in the documents. Re...