8153 matches found
CVE-2022-38669
CVE-2022-38669 describes a privilege-escalation issue in the soundrecorder service that lacks a required permission check, enabling elevation of privilege in the contacts service without extra execution privileges. Multiple sources (NVD, Red Hat, OSV) corroborate the core flaw and its local attac...
CVE-2022-42754
CVE-2022-42754 affects the npu driver, where a use-after-free leads to memory corruption that could cause local denial of service in the kernel. The available documents consistently describe a local-privilege-agnostic, local-execution scenario due to memory-management flaw in the npu component. N...
CVE-2023-20657
CVE-2023-20657 affects MediaTek’s mtee with an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation without user interaction. The issue is documented across multiple sources (e.g., NVD/Red Hat bulletin entries) and is associated with patch ALPS07571485 (Issue ...
CVE-2023-20829
The CVE-2023-20829 issue affects the gps component in MediaTek-based devices, caused by a missing bounds check that enables an out-of-bounds write. This can lead to local privilege escalation to SYSTEM with no user interaction required, per the description. Reported under various feeds (NVD, Red ...
CVE-2023-32834
CVE-2023-32834 describes a memory corruption due to a type confusion in the secmem module, potentially enabling local privilege escalation to SYSTEM. The entry is associated with MediaTek ALPS (ALPS08161762 patch/issue IDs). The vulnerability is reported as exploitable without user interaction, w...
CVE-2023-40638
CVE-2023-40638 affects UNISOC chipsets (Android Telecom service) where a missing permission check could allow a local Denial of Service with SYSTEM privileges required. The Red Hat/Android-related entries corroborate a local-impact scenario but do not provide explicit vulnerable versions or a con...
CVE-2023-48398
CVE-2023-48398 affects the ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() function in protocolnetadapter.cpp, where a missing bounds check can cause an out-of-bounds read. This can lead to remote information disclosure and requires baseband firmware compromise, with no user interaction need...
CVE-2024-22007
CVE-2024-22007 involves a bound-check omission in the constraint_check path of fvp.c, causing a possible out-of-bounds read and local information disclosure without requiring user interaction. The issue is documented across multiple sources (NVD/Red Hat/PRION/CVE lists) and is associated with Goo...
CVE-2024-22008
CVE-2024-22008 affects Google Pixel devices (Pixel bulletin context shows it under ACPM/TMU components). The vulnerability originates from a missing bounds check in the config_gov_time_windows function within tmu.c, causing an out-of-bounds write. This leads to local escalation of privilege with ...
CVE-2024-22010
The CVE-2024-22010 issue affects the dvfs_plugin_caller function in fvp.c, described as an out-of-bounds read caused by a missing bounds check. This leads to local information disclosure without requiring special privileges or user interaction. Several connected sources (Red Hat, NVD, OSV) reiter...
CVE-2024-23697
CVE-2024-23697: A use-after-free in RGXCreateHWRTData_aux (rgxta3d.c) enables possible arbitrary code execution and local kernel privilege escalation. No user interaction required. Documents consistently describe this as a local-privilege escalation vulnerability with kernel impact and do not pro...
CVE-2024-23716
In CVE-2024-23716, a race condition in DevmemIntPFNotify within devicemem_server.c can trigger a use-after-free, enabling local privilege escalation in the kernel with no extra execution privileges or user interaction required. The linked Red Hat and Android bulletin data corroborate a kernel-lev...
CVE-2024-25989
CVE-2024-25989 describes an out-of-bounds read in the Google Pixel GPU driver, specifically in gpu_slc_liveness_update of pixel_gpu_slc.c, caused by a missing bounds check. This can lead to local information disclosure without requiring exploits, privileges, or user interaction. Public references...
CVE-2024-34721
CVE-2024-34721 describes an information-disclosure in Android’s MediaProvider.java, in ensureFileColumns, where improper input validation may allow a user to disclose files owned by another user. This is a local disclosure with no extra execution privileges required and does not require user inte...
CVE-2024-34730
CVE-2024-34730 describes a logic error in multiple locations that allows bypassing user consent to enable new Bluetooth HID devices, leading to local elevation of privilege with no additional execution privileges or user interaction required. Connected sources consistently state the impact as loc...
CVE-2024-40671
CVE-2024-40671 affects DevmemIntChangeSparse2 in devicemem_server.c, with a missing permission check that could enable arbitrary code execution and local privilege escalation without user interaction. Public entries across multiple feeds (NVD, Red Hat, Vuln enrichment, and OSV) consistently descr...
CVE-2016-4477
CVE-2016-4477 affects wpa_supplicant (and hostapd) when updating WPA/WPA2 passphrases: input containing newline/control characters can cause the updated configuration to execute code or disrupt service. In practice, this enables local privilege escalation via the control interface (SET_NETWORK) a...
CVE-2020-0239
CVE-2020-0239 affects the Android Framework (DocumentsContract.java) and describes a permissions bypass that can disclose location metadata from files (e.g., photos) via a local information disclosure flaw. The vulnerability is rooted in getDocumentMetadata, enabling a local attacker to access lo...
CVE-2020-0257
CVE-2020-0257 affects Android 10 Framework: In SpecializeCommon of com_android_internal_os_Zygote.cpp there is a permissions bypass caused by incomplete cleanup, enabling local elevation of privilege in isolated processes without extra execution privileges. Exploitation is local and does not requ...
CVE-2020-0390
CVE-2020-0390 affects Android where the zygote SE Policy has a permissions bypass, enabling local information disclosure without extra privileges. Affected: Android-10 and Android-11, with the issue categorized as an Information Disclosure (ID) vulnerability in the Framework/zygote policy. Impact...
CVE-2020-0438
CVE-2020-0438 affects Android via the AIBinder_Class constructor in ibinder.cpp (libbinder_ndk). It enables potential arbitrary code execution and local privilege escalation without user interaction, when a vulnerable process uses the component. Documented impact includes local escalation of priv...
CVE-2021-0432
The CVE-2021-0432 issue affects Android 11, related to ClearPullerCacheIfNecessary and ForceClearPullerCache in StatsPullerManager.cpp. The root cause is a race condition causing a use-after-free, enabling local escalation of privilege with no extra execution privileges required and no user inter...
CVE-2021-0693
CVE-2021-0693 pertains to Android 11 and involves the HeapDumpProvider.java openFile path, where an unprotected provider could allow retrieving generated heap dumps from debuggable apps. This creates a local information disclosure risk without requiring privileges or user interaction. The vulnera...
CVE-2021-0923
CVE-2021-0923 affects Google Android 12, described as an elevation of privilege in Framework: in Permission.java createOrUpdate there is a missing permission check that could allow a local attacker to gain internal permissions without additional execution privileges and without user interaction. ...
CVE-2021-0938
CVE-2021-0938 is described as a by-design bypass in memzero_explicit of compiler-clang.h, enabling a local information disclosure due to uninitialized data in the kernel/Android context. The issue is exploitable with local access and does not require user interaction, per the description. The Con...
CVE-2022-20434
CVE-2022-20434 is a local Elevation of Privilege in Android related to a missing authorization check in a system service. The vulnerability is associated with UNISOC components listed in the Android 2022-10-01/10-05 patch cycles (as shown in the Android bulletin mappings), affecting Android Telep...
CVE-2022-20439
CVE-2022-20439 affects Android Messaging. The description indicates an unauthorized provider in Messaging could cause a Local Denial of Service, with a base CVSS v3.1 score of 5.5 (Local, Low attack complexity, Privileges required: Low, user interaction: None, availability impact: High). The avai...
CVE-2022-21755
The CVE-2022-21755 entry concerns a MediaTek WLAN driver vulnerability: an out-of-bounds read caused by an incorrect bounds check. This could allow local information disclosure and potentially system-privilege execution, with no user interaction required. Patch ALPS06545464/Issue ALPS06545464 is ...
CVE-2022-27836
CVE-2022-27836 impacts Samsung Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1, due to improper access control and path traversal. This allows local attackers to access arbitrary system files; the patch adds validation logic to prevent arbitrary file access (security u...
CVE-2022-39106
CVE-2022-39106 : Concrete details from connected sources show an out-of-bounds write in the kernel sensor driver for Unisoc devices, caused by a missing bounds check. This can lead to local denial of service. The documents do not specify affected models/versions or a fixed patch version. No explo...
CVE-2022-39129
CVE-2022-39129 describes a potential out-of-bounds write in the face detect driver caused by a missing bounds check, leading to local denial of service in the kernel. The primary sources in the connected set reiterate this issue across multiple advisories (NVD entry and vendor postings) and class...
CVE-2022-42499
CVE-2022-42499 affects the Android modem component sms_MmConManagement.c, where a heap buffer overflow can cause an out-of-bounds write. This vulnerability could enable remote code execution with no privileges and no user interaction required. Publicly available details in the Red Hat, NVD, and C...
CVE-2022-42529
CVE-2022-42529 affects the Android kernel (Pixel devices) per the CVE entries. The provided documents confirm the vulnerability is kernel-related, but do not supply detailed root-cause information or specific vulnerable functions/files. Impact is described as high (confidentiality, integrity, ava...
CVE-2022-44430
CVE-2022-44430 describes a possible missing bounds check in the wlan driver, enabling a local denial of service in wlan services. Public records map this issue to Unisoc/Android WLAN components, with a CVSS v3.1 base score of 5.5 (Attack Vector: Local; Privileges Required: Low; User Interaction: ...
CVE-2022-47336
CVE-2022-47336 involves a missing permission check in the telecom service, which the available documents identify as a local denial-of-service risk. The root cause is described as an insufficient authorization gate within the telecom service, enabling a local attacker to disrupt service availabil...
CVE-2023-40130
CVE-2023-40130 affects Android’s CallRedirectionProcessor (notifyTimeout). The issue is a logic error allowing a local elevation of privilege with no extra execution privileges required and no user interaction. The documentation explicitly states the vulnerability as a permission bypass in the Ca...
CVE-2024-20011
The CVE-2024-20011 issue affects MediaTek’s alac decoder, caused by an incorrect bounds check that enables information disclosure and could lead to remote code execution without user interaction. The vulnerability is rated high/critical with network access and no privileges required. A patch is r...
CVE-2024-20103
In CVE-2024-20103, MediaTek WLAN firmware contains an out-of-bounds write due to improper input validation, enabling remote code execution with no privileges or user interaction required. The vulnerability affects WLAN-related firmware (MediaTek) and is tracked under Patch ID ALPS09001358 and MSV...
CVE-2024-20141
MediaTek MT8893 V5 DA module (MediaTek DA) contains an out-of-bounds write due to a missing bounds check, enabling local privilege escalation with physical access. Exploitation requires user interaction; no remote/vector details provided. Patch ALPS09291402 (MSV-2073) addresses this issue. Refere...
CVE-2024-23698
CVE-2024-23698 affects the Android/Linux kernel code path RGXFWChangeOSidPriority in rgxfwutils.c, where a missing bounds check could enable arbitrary code execution and local escalation of privilege with no user interaction. The issue is described consistently across multiple sources (Android An...
CVE-2024-27224
CVE-2024-27224 is an out-of-bounds write in strncpy.c (strncpy), causing local elevation of privilege due to a missing bounds check. Documented as an EoP issue affecting Google Pixel components (Little Kernel) with exploitation details not provided in the supplied sources. The vulnerability is li...
CVE-2024-27225
The CVE-2024-27225 entry concerns Google Pixel devices. In the Bluetooth HCI code path (bluetooth_hci.cc, sendHciCommand) there is an out-of-bounds read due to a heap buffer overflow. This can cause local information disclosure with system execution privileges; no user interaction is required for...
CVE-2024-27229
CVE-2024-27229 describes a null pointer dereference in ss_SendCallBarringPwdRequiredIndMsg within ss_CallBarring.c, leading to remote denial of service without user interaction. The vulnerability is tracked in Android/Pixel advisories and is listed in the Pixel March 2024 update bulletin with DoS...
CVE-2024-43089
CVE-2024-43089 affects the Android MediaProvider component. The root cause is a missing permission check in the MediaProvider.updateInternal method, which can allow an attacker to access another app’s files and achieve local elevation of privilege. The impact is limited to local privilege escalat...
CVE-2019-2022
CVE-2019-2022 affects Android platforms (Android-7.0 through Android-9) and is tied to rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp in rw_t3t.cc, where a missing bounds check enables a possible out-of-bounds read leading to local information disclosure. Exploitation requires user inter...
CVE-2020-0389
CVE-2020-0389 affects Android 10/11 in the Framework area, specifically via RecordingService.java createSaveNotification. The issue is a permission bypass caused by an unsafe PendingIntent, enabling local information disclosure with user privileges and no user interaction needed. Public details i...
CVE-2020-0392
CVE-2020-0392 is a concrete vulnerability in the Android SurfaceFlinger component. The issue arises in getLayerDebugInfo of SurfaceFlinger.cpp, where a double free can occur, enabling a local escalation of privilege with no additional execution privileges required. Affected: Android 9, 10, and 11...
CVE-2020-0448
CVE-2020-0448 : In TelecomServiceImpl.getPhoneAccountsForPackage, a missing permission check can allow disclosure of a tracking identifier, enabling account tracking across devices with no extra privileges. Impact described as local information disclosure of the identifier (no integrity/DoS impac...
CVE-2020-0451
CVE-2020-0451 is a vulnerability in Android’s Media Framework (sbrdecoder.cpp, sbrDecoder_AssignQmfChannels2SbrChannels) where a heap buffer overflow can cause an out-of-bounds write, enabling remote code execution with high impact. Exploitation requires user interaction. Affected Android version...
CVE-2020-0460
CVE-2020-0460 affects Android 11, in CertInstaller.java (createNameCredentialDialog). Root cause: a logic error that can improperly install certificates, leading to remote information disclosure with no privileges and no user interaction required. Public details come from Android 2020-12-01/12-05...