8153 matches found
CVE-2021-0603
The CVE-2021-0603 entry describes a local elevation-of-privilege vulnerability in Android 11 affecting the ContactSelectionActivity.java onCreate path. A tapjacking/overlay scenario could allow a non-privileged app to gain access to contacts without user-permission, requiring user interaction for...
CVE-2021-0702
CVE-2021-0702 affects Android 11 in the Framework component tied to apexd.cpp RevertActiveSessions, enabling local information disclosure via an unintentional MediaStore downgrade. Exploitation requires user interaction, with the issue rated at MEDIUM severity (CVSSv3.1) and LOW/Med in CVSS2 depe...
CVE-2021-0969
The CVE-2021-0969 entry relates to a missing null check in AccessPoint.java:getTitle, causing a possible unhandled exception and remote DoS if a nearby Wi‑Fi AP provides invalid information. Affected product: Android (Android-10 and Android-11). Exploitation requires user interaction per the desc...
CVE-2021-1049
CVE-2021-1049 affects Android via Unisoc components (slogmodem) in the Android SoC stack. The vulnerability is classified as High severity in the NVD entry, with CVSS v3.1/3.0 impacting network-based access with likely elevation of privileges or data disclosure, per associated entries. The connec...
CVE-2021-39729
The CVE-2021-39729 issue affects the TitanM chip in Android, caused by a missing bounds check that enables an out-of-bounds write. This can lead to local privilege escalation with System execution privileges required, and exploitation does not require user interaction. Documents consistently desc...
CVE-2021-39730
CVE-2021-39730 affects the Android kernel as described in multiple sources. The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially allowing local information disclosure with system execution privileges. Exploitation requires local access; no user interaction is r...
CVE-2021-39734
CVE-2021-39734 is an Elevation of Privilege in Google Android telephony logic related to RCS messaging. The issue is described as stemming from a missing permission check in OneToOneChatImpl.java that could allow sending an RCS message without required permissions, enabling local privilege escala...
CVE-2022-20387
CVE-2022-20387 is listed in multiple sources as affecting Android on Unisoc Android SoC components. A connected Prion entry explicitly labels it as a “Code injection” issue, while the NVD/NVD-derived summaries indicate Android SoC/Android as the affected context with high-severity implications in...
CVE-2022-20440
CVE-2022-20440 affects Android’s Messaging component, where an unauthorized broadcast could lead to a Local Denial of Service. The issue is documented across multiple feeds (NVD/RH/NCSC/PT-PCI/etc.) with no specific exploit details provided in these excerpts. The Android Security Bulletin outline...
CVE-2022-22266
Technical details about CVE-2022-22266 are not publicly available in the connected documents; the description provided is the extent of information here. Monitor for updates.
CVE-2022-32594
CVE-2022-32594 concerns the Widevine component with an out-of-bounds write caused by an incorrect bounds check. Reported impact is local escalation of privileges requiring System execution privileges, with no user interaction needed. Connected sources confirm a patch exists (ALPS07446207/ALPS0744...
CVE-2022-32596
CVE-2022-32596 describes an out-of-bounds write in Widevine caused by an incorrect bounds check, enabling possible local escalation to System privileges. Exploitation is described as requiring no user interaction (ATT&CK-like vector: local) with high confidentiality, integrity, and availability i...
CVE-2022-44428
CVE-2022-44428 affects the wlan driver and is tied to a missing bounds check, enabling local denial of service in wlan services. Documents consistently describe the vulnerability as a local issue with a base score of 5.5 (MEDIUM) and local attack vector, but do not provide concrete exploit detail...
CVE-2022-44436
CVE-2022-44436 describes a missing permission check in the Android messaging service, enabling a local denial-of-service in the contacts service with no extra execution privileges required. Root cause: permission verification gap in the messaging component. Impact: local DoS; no remote code execu...
CVE-2022-47488
CVE-2022-47488 affects the spipe drive component in Unisoc chipsets, with an out-of-bounds write caused by a missing bounds check that could enable local DoS with system execution privileges. The connected documents confirm the issue but provide no publicly available fix/version details; some sou...
CVE-2023-21058
CVE-2023-21058 concerns the Android kernel component lcsm_bcm_assist.c (function lcsm_SendRrAcquiAssist ). A missing bounds check can cause an out-of-bounds write, leading to remote code execution with no additional privileges and no user interaction required. The description in the connected OSV...
CVE-2023-21241
CVE-2023-21241 describes an out-of-bounds write caused by an integer overflow in rw_i93_send_to_upper() within rw_i93.cc, enabling local privilege escalation with no extra execution privileges or user interaction. Public docs consistently tie this to Android components and patch-level fixes. The ...
CVE-2023-21243
CVE-2023-21243 is a buffer overflow in the Android PasspointConfiguration.java code path (validateForCommonR1andR2) that can inflate a config file’s size without limits, enabling a local denial-of-service condition. Exploitation requires user interaction, and exploitation status is not indicated ...
CVE-2023-32873
The CVE-2023-32873 issue affects MediaTek’s keyInstall module, where a missing bounds check enables an out-of-bounds write that could lead to local escalation of privilege with SYSTEM privileges. Exploitation details are not provided in the connected documents. Impact is described as requiring no...
CVE-2024-20026
CVE-2024-20026 affects the MediaTek MediaTek MTK da module (as indicated by multiple feeds) and is caused by improper input validation in the da component. The flaw could allow local information disclosure with system execution privileges required for exploitation, and no user interaction is need...
CVE-2024-20104
CVE-2024-20104 affects MediaTek DA (the DA component in MediaTek chipsets). It describes an out-of-bounds write due to a missing bounds check, potentially enabling local privilege escalation without additional execution privileges; user interaction is required to exploit. The entry cites patch AL...
CVE-2024-25985
The CVE-2024-25985 issue affects the bigo_unlocked_ioctl path in bigo.c, described as a Use-After-Free caused by a missing bounds check. The impact is local privilege escalation with high severity (CVSS: LOCAL, NONE user interaction). Documents in multiple feeds (NVD, Red Hat, PRION, OSV) consist...
CVE-2024-27210
CVE-2024-27210 involves an out-of-bounds write in the policy_check function of fvp.c that can enable local privilege escalation with no user interaction. The vulnerability is associated with Google Pixel/Android components per multiple sources, but none of the connected documents provide concrete...
CVE-2024-27219
CVE-2024-27219 concerns a vulnerability in the tmu_set_pi function of tmu.c where a missing bounds check allows an out-of-bounds write. The issue enables local privilege escalation with no additional execution privileges required and does not require user interaction. Public technical details in ...
CVE-2024-27234
CVE-2024-27234 describes an out-of-bounds read in the function family 'fvp_set_target' in fvp.c due to a missing bounds check. This leads to potential local information disclosure without extra execution privileges or user interaction. The provided documents do not specify affected product versio...
CVE-2024-31322
Summary of CVE-2024-31322 : In Android’s AccessibilityManagerService.updateServicesLocked, improper input validation can let an app be hidden from Settings while still retaining the Accessibility Service, enabling local elevation of privilege with no extra execution privileges required. Exploitat...
CVE-2024-34720
CVE-2024-34720 affects Google Android: a logic error in com_android_internal_os_ZygoteCommandBuffer.cpp (ZygoteCommandBuffer.nativeForkRepeatedly) may enable arbitrary code execution in any app’s zygote processes, causing local privilege escalation with no extra privileges or user interaction req...
CVE-2024-34732
This CVE (CVE-2024-34732) concerns the Android kernel’s RGXMMUCacheInvalidate routine in rgxmem.c, where a race condition can enable arbitrary code execution and local privilege escalation without extra privileges or user interaction. The vulnerability description is consistently reported across ...
CVE-2024-40655
CVE-2024-40655 is an Android framework issue in the CallScreeningServiceHelper.java, where a permissions bypass could allow maintaining a while-in-use permission in the background, enabling local elevation of privilege with no extra execution privileges. Exploitation requires user interaction. Th...
CVE-2024-40662
CVE-2024-40662 affects the Android framework Uri.java, where improper input validation in the scheme handling can allow crafting a malformed Uri object. The result is local privilege escalation with no additional privileges or user interaction required. The CVSS v3.1 score is 7.8 (HIGH) with LOCA...
CVE-2024-40670
CVE-2024-40670 affects PowerVR-GPU (Imagination Technologies) as documented in the Android bulletin. The issue is described as a use-after-free caused by a race condition, enabling local elevation of privilege with no user interaction. The CVSS v3.1 base score is 8.4 (HIGH) with local attack vect...
CVE-2018-9385
CVE-2018-9385 affects the Linux/Android kernel: in driver_override_store of bus.c there is an out-of-bounds write due to an incorrect bounds check, enabling local privilege escalation with SYSTEM privileges. Exploitation reportedly does not require user interaction. Connected advisories (Unity Li...
CVE-2020-0001
CVE-2020-0001 affects Android’s framework (ActivityManagerService.java, getProcessRecordLocked). The issue arises from improper handling of isolated apps, enabling local escalation of privilege without extra execution privileges. Impact is described as local elevation of privilege with high confi...
CVE-2020-0399
The CVE-2020-0399 issue affects Android devices and stems from an unsafe PendingIntent in NotificationMgr.java’s showLimitedSimFunctionWarningNotification. This could allow a local permission bypass and local information disclosure without user interaction, affecting Android 8.0–11. The NVD entry...
CVE-2020-0410
CVE-2020-0410: In SapServer.java setNotification, a PendingIntent misconfiguration enables a local permission bypass that could lead to information disclosure with user privileges; exploitation requires no user interaction. Affected: Android 8.0–11 (per CVE entry). Impact: partial confidentiality...
CVE-2020-0417
The CVE-2020-0417 entry describes a local elevation-of-privilege in Android related to GpsNetInitiatedHandler.setNiNotification. The underlying issue is an empty mutable PendingIntent that permits a permissions bypass. Affected Android versions are 8.1, 9, and 10. Exploitation is described as pos...
CVE-2021-0331
CVE-2021-0331 describes an overlay/tapjacking-type vulnerability in Android’s NotificationAccessConfirmationActivity.java. In onCreate, an insecure default value enables a possible overlay attack that could lead to local elevation of privilege and notification access with User execution privilege...
CVE-2021-0443
CVE-2021-0443 : Apple Android flaw affecting ScreenshotHelper.java and related files where a race condition can cause an incorrectly saved screenshot, enabling local information disclosure across user profiles. Exploitation requires user interaction; impact is information disclosure with no extra...
CVE-2021-0705
CVE-2021-0705 concerns the Android Framework component, specifically in sanitizeSbn of NotificationManagerService.java. The connected documents describe a vulnerability where an attacker could bypass Background Service Restrictions to keep a service running in the foreground while retaining grant...
CVE-2021-0925
CVE-2021-0925 is associated with Google Android 12. The vulnerability occurs in rw_t4t_sm_detect_ndef (rw_t4t.cc) and is an out-of-bounds read caused by an incorrect bounds check, leading to potential remote information disclosure without extra execution privileges or user interaction. Documents ...
CVE-2021-0926
CVE-2021-0926 is a vulnerability in the Android NFC path found in onCreate of NfcImportVCardActivity.java, where a missing permission check enables adding a contact without user consent. This constitutes a local elevation of privilege because it does not require additional execution privileges an...
CVE-2021-0946
CVE-2021-0946 concerns a kernel information disclosure in Android via the PowerVR PVRSRVBridgePMRPDumpSymbolicAddr path. The vulnerable sequence allocates a heap buffer (puiMemspaceNameInt), fills it through PMR_PDumpSymbolicAddr, and copies the buffer to userspace. If PMR_PDumpSymbolicAddr fails...
CVE-2021-0958
CVE-2021-0958 affects Android 11 and 12, with a logic error in km_compat.cpp that could lead to a loss of potentially sensitive data and a local denial of service. Exploitation requires no user interaction, and the issue can be triggered locally with user privileges. The Red Hat/NVD entries corro...
CVE-2021-39792
CVE-2021-39792 concerns the Android kernel, specifically the function usb_gadget_giveback_request in core.c. It describes a race condition that can cause a use-after-free and an out-of-bounds read, potentially leading to local information disclosure with SYSTEM privileges required. No user intera...
CVE-2022-20388
CVE-2022-20388 affects Android SoC Unisoc components (Android platform) with high severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The Unisoc Android entry indicates this is an Android SoC issue with no public exploit details provided in the connected docs. The CVE is listed under the 20...
CVE-2022-39130
CVE-2022-39130 describes a possible out-of-bounds write in the face detect driver due to a missing bounds check, which could lead to local denial of service in the kernel. Public references in the provided documents identify the vulnerability across multiple sources (NVD entry and CVE record), wi...
CVE-2022-47338
CVE-2022-47338 describes a missing permission check in the telecom service, leading to a local Denial of Service. Public sources consistently state the issue affects UNISOC/Android telecom components, with the impact described as local DoS and no remote exploit details provided in the supplied do...
CVE-2023-21054
CVE-2023-21054 affects the Android kernel, specifically the EUTRAN_LCS_ConvertLCS_MOLRReq path in LPP_CommonUtil.c. A logic error can cause an out-of-bounds write, which could lead to remote code execution with System-level privileges. No user interaction is required. Exploitation status and in-t...
CVE-2023-40089
CVE-2023-40089 concerns Android’s DevicePolicyManagerService.java, where getCredentialManagerPolicy can let a user select credential providers without proper permission checks. This enables local elevation of privilege with no extra execution privileges and no user interaction required. The Andro...
CVE-2024-20025
MediaTek da module vulnerability CVE-2024-20025: out-of-bounds write caused by an integer overflow, enabling local escalation to SYSTEM privileges with no user interaction. Patch ALPS08541686/Issue ALPS08541686 is listed as the fix. Multiple connected sources reiterate the same description; no ex...