Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/10/14 12:0 a.m.109 views

CVE-2022-38669

CVE-2022-38669 describes a privilege-escalation issue in the soundrecorder service that lacks a required permission check, enabling elevation of privilege in the contacts service without extra execution privileges. Multiple sources (NVD, Red Hat, OSV) corroborate the core flaw and its local attac...

7.8CVSS7.6AI score0.0011EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.109 views

CVE-2022-42754

CVE-2022-42754 affects the npu driver, where a use-after-free leads to memory corruption that could cause local denial of service in the kernel. The available documents consistently describe a local-privilege-agnostic, local-execution scenario due to memory-management flaw in the npu component. N...

5.5CVSS5.5AI score0.00084EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.109 views

CVE-2023-20657

CVE-2023-20657 affects MediaTek’s mtee with an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation without user interaction. The issue is documented across multiple sources (e.g., NVD/Red Hat bulletin entries) and is associated with patch ALPS07571485 (Issue ...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.109 views

CVE-2023-20829

The CVE-2023-20829 issue affects the gps component in MediaTek-based devices, caused by a missing bounds check that enables an out-of-bounds write. This can lead to local privilege escalation to SYSTEM with no user interaction required, per the description. Reported under various feeds (NVD, Red ...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.109 views

CVE-2023-32834

CVE-2023-32834 describes a memory corruption due to a type confusion in the secmem module, potentially enabling local privilege escalation to SYSTEM. The entry is associated with MediaTek ALPS (ALPS08161762 patch/issue IDs). The vulnerability is reported as exploitable without user interaction, w...

6.7CVSS6.8AI score0.00085EPSS
CVE
CVE
added 2023/10/08 3:35 a.m.109 views

CVE-2023-40638

CVE-2023-40638 affects UNISOC chipsets (Android Telecom service) where a missing permission check could allow a local Denial of Service with SYSTEM privileges required. The Red Hat/Android-related entries corroborate a local-impact scenario but do not provide explicit vulnerable versions or a con...

4.4CVSS4.7AI score0.00082EPSS
CVE
CVE
added 2023/12/08 3:39 p.m.109 views

CVE-2023-48398

CVE-2023-48398 affects the ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() function in protocolnetadapter.cpp, where a missing bounds check can cause an out-of-bounds read. This can lead to remote information disclosure and requires baseband firmware compromise, with no user interaction need...

7.5CVSS7AI score0.00334EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.109 views

CVE-2024-22007

CVE-2024-22007 involves a bound-check omission in the constraint_check path of fvp.c, causing a possible out-of-bounds read and local information disclosure without requiring user interaction. The issue is documented across multiple sources (NVD/Red Hat/PRION/CVE lists) and is associated with Goo...

6.2CVSS6AI score0.00093EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.109 views

CVE-2024-22008

CVE-2024-22008 affects Google Pixel devices (Pixel bulletin context shows it under ACPM/TMU components). The vulnerability originates from a missing bounds check in the config_gov_time_windows function within tmu.c, causing an out-of-bounds write. This leads to local escalation of privilege with ...

7.8CVSS7AI score0.00084EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.109 views

CVE-2024-22010

The CVE-2024-22010 issue affects the dvfs_plugin_caller function in fvp.c, described as an out-of-bounds read caused by a missing bounds check. This leads to local information disclosure without requiring special privileges or user interaction. Several connected sources (Red Hat, NVD, OSV) reiter...

5.5CVSS6AI score0.00098EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.109 views

CVE-2024-23697

CVE-2024-23697: A use-after-free in RGXCreateHWRTData_aux (rgxta3d.c) enables possible arbitrary code execution and local kernel privilege escalation. No user interaction required. Documents consistently describe this as a local-privilege escalation vulnerability with kernel impact and do not pro...

7.8CVSS7.4AI score0.00104EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.109 views

CVE-2024-23716

In CVE-2024-23716, a race condition in DevmemIntPFNotify within devicemem_server.c can trigger a use-after-free, enabling local privilege escalation in the kernel with no extra execution privileges or user interaction required. The linked Red Hat and Android bulletin data corroborate a kernel-lev...

7.4CVSS7.1AI score0.00075EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.109 views

CVE-2024-25989

CVE-2024-25989 describes an out-of-bounds read in the Google Pixel GPU driver, specifically in gpu_slc_liveness_update of pixel_gpu_slc.c, caused by a missing bounds check. This can lead to local information disclosure without requiring exploits, privileges, or user interaction. Public references...

5.9CVSS6AI score0.00085EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.109 views

CVE-2024-34721

CVE-2024-34721 describes an information-disclosure in Android’s MediaProvider.java, in ensureFileColumns, where improper input validation may allow a user to disclose files owned by another user. This is a local disclosure with no extra execution privileges required and does not require user inte...

6.2CVSS6AI score0.00108EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.109 views

CVE-2024-34730

CVE-2024-34730 describes a logic error in multiple locations that allows bypassing user consent to enable new Bluetooth HID devices, leading to local elevation of privilege with no additional execution privileges or user interaction required. Connected sources consistently state the impact as loc...

7.8CVSS6.8AI score0.00078EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.109 views

CVE-2024-40671

CVE-2024-40671 affects DevmemIntChangeSparse2 in devicemem_server.c, with a missing permission check that could enable arbitrary code execution and local privilege escalation without user interaction. Public entries across multiple feeds (NVD, Red Hat, Vuln enrichment, and OSV) consistently descr...

7.8CVSS7.9AI score0.00119EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.108 views

CVE-2016-4477

CVE-2016-4477 affects wpa_supplicant (and hostapd) when updating WPA/WPA2 passphrases: input containing newline/control characters can cause the updated configuration to execute code or disrupt service. In practice, this enables local privilege escalation via the control interface (SET_NETWORK) a...

7.8CVSS7.2AI score0.00255EPSS
CVE
CVE
added 2020/08/11 7:26 p.m.108 views

CVE-2020-0239

CVE-2020-0239 affects the Android Framework (DocumentsContract.java) and describes a permissions bypass that can disclose location metadata from files (e.g., photos) via a local information disclosure flaw. The vulnerability is rooted in getDocumentMetadata, enabling a local attacker to access lo...

5.5CVSS5AI score0.00183EPSS
CVE
CVE
added 2020/08/11 7:32 p.m.108 views

CVE-2020-0257

CVE-2020-0257 affects Android 10 Framework: In SpecializeCommon of com_android_internal_os_Zygote.cpp there is a permissions bypass caused by incomplete cleanup, enabling local elevation of privilege in isolated processes without extra execution privileges. Exploitation is local and does not requ...

7.8CVSS7.7AI score0.00179EPSS
CVE
CVE
added 2020/09/17 3:54 p.m.108 views

CVE-2020-0390

CVE-2020-0390 affects Android where the zygote SE Policy has a permissions bypass, enabling local information disclosure without extra privileges. Affected: Android-10 and Android-11, with the issue categorized as an Information Disclosure (ID) vulnerability in the Framework/zygote policy. Impact...

5.5CVSS5AI score0.00142EPSS
CVE
CVE
added 2020/11/10 12:51 p.m.108 views

CVE-2020-0438

CVE-2020-0438 affects Android via the AIBinder_Class constructor in ibinder.cpp (libbinder_ndk). It enables potential arbitrary code execution and local privilege escalation without user interaction, when a vulnerable process uses the component. Documented impact includes local escalation of priv...

7.8CVSS7.9AI score0.00164EPSS
CVE
CVE
added 2021/04/13 6:21 p.m.108 views

CVE-2021-0432

The CVE-2021-0432 issue affects Android 11, related to ClearPullerCacheIfNecessary and ForceClearPullerCache in StatsPullerManager.cpp. The root cause is a race condition causing a use-after-free, enabling local escalation of privilege with no extra execution privileges required and no user inter...

7CVSS7AI score0.00086EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.108 views

CVE-2021-0693

CVE-2021-0693 pertains to Android 11 and involves the HeapDumpProvider.java openFile path, where an unprotected provider could allow retrieving generated heap dumps from debuggable apps. This creates a local information disclosure risk without requiring privileges or user interaction. The vulnera...

5.5CVSS5.1AI score0.00111EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.108 views

CVE-2021-0923

CVE-2021-0923 affects Google Android 12, described as an elevation of privilege in Framework: in Permission.java createOrUpdate there is a missing permission check that could allow a local attacker to gain internal permissions without additional execution privileges and without user interaction. ...

7.8CVSS7.8AI score0.0011EPSS
CVE
CVE
added 2021/10/25 1:20 p.m.108 views

CVE-2021-0938

CVE-2021-0938 is described as a by-design bypass in memzero_explicit of compiler-clang.h, enabling a local information disclosure due to uninitialized data in the kernel/Android context. The issue is exploitable with local access and does not require user interaction, per the description. The Con...

5.5CVSS5.5AI score0.0015EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.108 views

CVE-2022-20434

CVE-2022-20434 is a local Elevation of Privilege in Android related to a missing authorization check in a system service. The vulnerability is associated with UNISOC components listed in the Android 2022-10-01/10-05 patch cycles (as shown in the Android bulletin mappings), affecting Android Telep...

7.8CVSS7.5AI score0.00154EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.108 views

CVE-2022-20439

CVE-2022-20439 affects Android Messaging. The description indicates an unauthorized provider in Messaging could cause a Local Denial of Service, with a base CVSS v3.1 score of 5.5 (Local, Low attack complexity, Privileges required: Low, user interaction: None, availability impact: High). The avai...

5.5CVSS5.5AI score0.00113EPSS
CVE
CVE
added 2022/06/06 5:39 p.m.108 views

CVE-2022-21755

The CVE-2022-21755 entry concerns a MediaTek WLAN driver vulnerability: an out-of-bounds read caused by an incorrect bounds check. This could allow local information disclosure and potentially system-privilege execution, with no user interaction required. Patch ALPS06545464/Issue ALPS06545464 is ...

4.4CVSS4.2AI score0.00109EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.108 views

CVE-2022-27836

CVE-2022-27836 impacts Samsung Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1, due to improper access control and path traversal. This allows local attackers to access arbitrary system files; the patch adds validation logic to prevent arbitrary file access (security u...

8.4CVSS7.5AI score0.00142EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.108 views

CVE-2022-39106

CVE-2022-39106 : Concrete details from connected sources show an out-of-bounds write in the kernel sensor driver for Unisoc devices, caused by a missing bounds check. This can lead to local denial of service. The documents do not specify affected models/versions or a fixed patch version. No explo...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.108 views

CVE-2022-39129

CVE-2022-39129 describes a potential out-of-bounds write in the face detect driver caused by a missing bounds check, leading to local denial of service in the kernel. The primary sources in the connected set reiterate this issue across multiple advisories (NVD entry and vendor postings) and class...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.108 views

CVE-2022-42499

CVE-2022-42499 affects the Android modem component sms_MmConManagement.c, where a heap buffer overflow can cause an out-of-bounds write. This vulnerability could enable remote code execution with no privileges and no user interaction required. Publicly available details in the Red Hat, NVD, and C...

9.8CVSS9.3AI score0.00503EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.108 views

CVE-2022-42529

CVE-2022-42529 affects the Android kernel (Pixel devices) per the CVE entries. The provided documents confirm the vulnerability is kernel-related, but do not supply detailed root-cause information or specific vulnerable functions/files. Impact is described as high (confidentiality, integrity, ava...

9.8CVSS9AI score0.00392EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.108 views

CVE-2022-44430

CVE-2022-44430 describes a possible missing bounds check in the wlan driver, enabling a local denial of service in wlan services. Public records map this issue to Unisoc/Android WLAN components, with a CVSS v3.1 base score of 5.5 (Attack Vector: Local; Privileges Required: Low; User Interaction: ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.108 views

CVE-2022-47336

CVE-2022-47336 involves a missing permission check in the telecom service, which the available documents identify as a local denial-of-service risk. The root cause is described as an insufficient authorization gate within the telecom service, enabling a local attacker to disrupt service availabil...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.108 views

CVE-2023-40130

CVE-2023-40130 affects Android’s CallRedirectionProcessor (notifyTimeout). The issue is a logic error allowing a local elevation of privilege with no extra execution privileges required and no user interaction. The documentation explicitly states the vulnerability as a permission bypass in the Ca...

7.8CVSS7.4AI score0.00112EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.108 views

CVE-2024-20011

The CVE-2024-20011 issue affects MediaTek’s alac decoder, caused by an incorrect bounds check that enables information disclosure and could lead to remote code execution without user interaction. The vulnerability is rated high/critical with network access and no privileges required. A patch is r...

9.8CVSS8.5AI score0.00453EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.108 views

CVE-2024-20103

In CVE-2024-20103, MediaTek WLAN firmware contains an out-of-bounds write due to improper input validation, enabling remote code execution with no privileges or user interaction required. The vulnerability affects WLAN-related firmware (MediaTek) and is tracked under Patch ID ALPS09001358 and MSV...

9.8CVSS7.9AI score0.00335EPSS
CVE
CVE
added 2025/02/03 3:23 a.m.108 views

CVE-2024-20141

MediaTek MT8893 V5 DA module (MediaTek DA) contains an out-of-bounds write due to a missing bounds check, enabling local privilege escalation with physical access. Exploitation requires user interaction; no remote/vector details provided. Patch ALPS09291402 (MSV-2073) addresses this issue. Refere...

6.8CVSS6.6AI score0.00102EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.108 views

CVE-2024-23698

CVE-2024-23698 affects the Android/Linux kernel code path RGXFWChangeOSidPriority in rgxfwutils.c, where a missing bounds check could enable arbitrary code execution and local escalation of privilege with no user interaction. The issue is described consistently across multiple sources (Android An...

7.8CVSS7.4AI score0.00106EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.108 views

CVE-2024-27224

CVE-2024-27224 is an out-of-bounds write in strncpy.c (strncpy), causing local elevation of privilege due to a missing bounds check. Documented as an EoP issue affecting Google Pixel components (Little Kernel) with exploitation details not provided in the supplied sources. The vulnerability is li...

7.8CVSS7AI score0.0008EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.108 views

CVE-2024-27225

The CVE-2024-27225 entry concerns Google Pixel devices. In the Bluetooth HCI code path (bluetooth_hci.cc, sendHciCommand) there is an out-of-bounds read due to a heap buffer overflow. This can cause local information disclosure with system execution privileges; no user interaction is required for...

4.4CVSS6.2AI score0.00087EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.108 views

CVE-2024-27229

CVE-2024-27229 describes a null pointer dereference in ss_SendCallBarringPwdRequiredIndMsg within ss_CallBarring.c, leading to remote denial of service without user interaction. The vulnerability is tracked in Android/Pixel advisories and is listed in the Pixel March 2024 update bulletin with DoS...

7.5CVSS6.9AI score0.00367EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.108 views

CVE-2024-43089

CVE-2024-43089 affects the Android MediaProvider component. The root cause is a missing permission check in the MediaProvider.updateInternal method, which can allow an attacker to access another app’s files and achieve local elevation of privilege. The impact is limited to local privilege escalat...

7.8CVSS7.1AI score0.00097EPSS
CVE
CVE
added 2019/06/19 8:4 p.m.107 views

CVE-2019-2022

CVE-2019-2022 affects Android platforms (Android-7.0 through Android-9) and is tied to rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp in rw_t3t.cc, where a missing bounds check enables a possible out-of-bounds read leading to local information disclosure. Exploitation requires user inter...

7.1CVSS5.9AI score0.00779EPSS
CVE
CVE
added 2020/09/17 3:50 p.m.107 views

CVE-2020-0389

CVE-2020-0389 affects Android 10/11 in the Framework area, specifically via RecordingService.java createSaveNotification. The issue is a permission bypass caused by an unsafe PendingIntent, enabling local information disclosure with user privileges and no user interaction needed. Public details i...

5.5CVSS5AI score0.00156EPSS
CVE
CVE
added 2020/09/17 3:27 p.m.107 views

CVE-2020-0392

CVE-2020-0392 is a concrete vulnerability in the Android SurfaceFlinger component. The issue arises in getLayerDebugInfo of SurfaceFlinger.cpp, where a double free can occur, enabling a local escalation of privilege with no additional execution privileges required. Affected: Android 9, 10, and 11...

7.8CVSS7.8AI score0.00266EPSS
CVE
CVE
added 2020/11/10 12:48 p.m.107 views

CVE-2020-0448

CVE-2020-0448 : In TelecomServiceImpl.getPhoneAccountsForPackage, a missing permission check can allow disclosure of a tracking identifier, enabling account tracking across devices with no extra privileges. Impact described as local information disclosure of the identifier (no integrity/DoS impac...

5.5CVSS5.1AI score0.00149EPSS
CVE
CVE
added 2020/11/10 12:49 p.m.107 views

CVE-2020-0451

CVE-2020-0451 is a vulnerability in Android’s Media Framework (sbrdecoder.cpp, sbrDecoder_AssignQmfChannels2SbrChannels) where a heap buffer overflow can cause an out-of-bounds write, enabling remote code execution with high impact. Exploitation requires user interaction. Affected Android version...

9.3CVSS8.9AI score0.0187EPSS
CVE
CVE
added 2020/12/14 9:52 p.m.107 views

CVE-2020-0460

CVE-2020-0460 affects Android 11, in CertInstaller.java (createNameCredentialDialog). Root cause: a logic error that can improperly install certificates, leading to remote information disclosure with no privileges and no user interaction required. Public details come from Android 2020-12-01/12-05...

7.5CVSS7AI score0.00738EPSS
Total number of security vulnerabilities8153