Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/09/13 7:13 p.m.105 views

CVE-2021-0697

CVE-2021-0697 is a race-condition vulnerability in the PVRSRVRGXSubmitTransferKM path of rgxtransfer.c (PowerVR GPU) on Android SoCs. It enables a possible user-after-free leading to local escalation of privilege with no additional execution privileges required and no user interaction. Exploit st...

7CVSS7.1AI score0.00072EPSS
CVE
CVE
added 2021/10/22 1:27 p.m.105 views

CVE-2021-0703

CVE-2021-0703 is an Android 11 vulnerability in the Android runtime component (SecondStageMain in init.cpp) caused by incorrect shared_ptr usage, leading to a use-after-free and local escalation of privilege when an attacker has physical access to the device (no user interaction required). Docume...

7.2CVSS6.8AI score0.00124EPSS
CVE
CVE
added 2022/09/13 7:13 p.m.105 views

CVE-2021-0871

PowerVR kernel driver issue CVE-2021-0871 involves PVRSRVBridgePMRPDumpSymbolicAddr where a missing size check can cause an integer overflow and out-of-bounds heap access. The described impact is local escalation of privilege with no additional execution privileges needed, and exploitation is not...

7.8CVSS7.8AI score0.00099EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.105 views

CVE-2021-39636

CVE-2021-39636 is a local information-disclosure vulnerability in the Linux kernel's ip_tables.c (do_ipt_get_ctl/do_ipt_set_ctl) that can leak uninitialized kernel data. Android kernel also implicated in the description. The issue enables local information disclosure with system execution privile...

4.4CVSS4.7AI score0.00222EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.105 views

CVE-2022-20037

The CVE-2022-20037 entry concerns the ion driver with an information-disclosure flaw caused by an incorrect bounds check. This can enable local information disclosure without additional execution privileges and requires no user interaction. The issue is associated with patch ALPS06171705 (Issue I...

5.5CVSS5.1AI score0.00118EPSS
CVE
CVE
added 2022/05/03 8:6 p.m.105 views

CVE-2022-20111

CVE-2022-20111 affects MediaTek ion (ion memory allocator) with a use-after-free caused by incorrect error handling, leading to local privilege escalation without user interaction. The vulnerability is described as requiring local access to exploit, with a potential for high-impact kernel/privile...

8.4CVSS8.1AI score0.00112EPSS
CVE
CVE
added 2022/06/15 1:18 p.m.105 views

CVE-2022-20149

CVE-2022-20149 is listed in the Pixel Update Bulletin as a Modem-component vulnerability with Type: ID (information disclosure) and Moderate severity. The connected Pixel bulletin entry confirms the issue is mapped to the Modem and labeled as an information-disclosure (ID) vulnerability, but does...

7.5CVSS7.4AI score0.00358EPSS
CVE
CVE
added 2022/08/11 3:4 p.m.105 views

CVE-2022-20402

CVE-2022-20402 is documented in the Pixel Update Bulletin as a Critical RCE affecting the Android kernel via the modem component. The NVD entry shows a high-severity, network-exposed vulnerability with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 9.8). The Pixel bulletin lists CVE-2022-2...

9.8CVSS9.1AI score0.00349EPSS
CVE
CVE
added 2022/11/17 12:0 a.m.105 views

CVE-2022-20427

CVE-2022-20427 affects the Android kernel and is tied to memory corruption caused by improper input validation, leading to local escalation of privilege with high impact on confidentiality, integrity, and availability. Exploitation is described as local with no user interaction required; details ...

6.7CVSS6.6AI score0.0009EPSS
CVE
CVE
added 2022/11/17 12:0 a.m.105 views

CVE-2022-20459

CVE-2022-20459 affects the Android kernel’s Titan M component on Google Pixel devices. The issue is described as improper input validation that can redirect code execution, enabling local escalation of privilege with system-level privileges and no user interaction required. The vulnerability is c...

6.7CVSS6.9AI score0.0009EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.105 views

CVE-2022-38672

CVE-2022-38672 affects the face detect driver and involves a missing bounds check that enables a local out-of-bounds write. This can lead to local denial of service in the kernel. Connected documents (OSV/NVD) confirm the same description; no exploit details, affected firmware versions, or patche...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.105 views

CVE-2022-38676

CVE-2022-38676 involves a missing bounds check in the GPU driver, causing an out-of-bounds write that could lead to local denial of service in the kernel. Connected sources indicate the issue affects GPU/kernel components (notably Unisoc-related kernel paths) and is described as a local DoS risk....

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.105 views

CVE-2022-47462

CVE-2022-47462 involves a missing permission check in the telephone service, enabling local escalation of privilege to system execution privileges. Public sources corroborate a vulnerability in the telephony stack (com.android.phone/system) with a Local attack vector and high impact on confidenti...

6.7CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.105 views

CVE-2022-47470

The CVE-2022-47470 issue concerns the ext4fsfilter driver and is caused by a missing bounds check that leads to an out-of-bounds read. The vulnerability allows local denial of service with SYSTEM privileges required, as described in multiple sources (e.g., Red Hat, NVD, CVE lists). Affected compo...

4.4CVSS4.6AI score0.00096EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.105 views

CVE-2022-48454

CVE-2022-48454 concerns the wifi service, where a missing bounds check can cause an out-of-bounds write leading to local denial of service without extra privileges. The issue is supported by multiple sources in the provided set (NVD entry reproduces the description and CVSS metrics; Red Hat advis...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.105 views

CVE-2023-40103

CVE-2023-40103 affects Android Framework components and is caused by a double free leading to memory corruption. The vulnerability enables local elevation of privilege with no user interaction. According to the Android December 2023 bulletin, CVE-2023-40103 is addressed in the Framework with upda...

7.8CVSS7.7AI score0.00162EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.105 views

CVE-2024-20065

CVE-2024-20065 concerns a local information-disclosure flaw in the telephony stack caused by a missing permission check. The issue allows disclosure without extra execution privileges and requires no user interaction. Connected sources tie this to Mediatek telephony components (ALPS08698617; MSV-...

4CVSS6AI score0.00095EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.105 views

CVE-2024-22011

CVE-2024-22011 affects the Android/Pixel surface via the ss_ProcessRejectComponent function in ss_MmConManagement.c, where a missing bounds check enables an out-of-bounds read. This can lead to remote information disclosure without user interaction and without additional execution privileges. The...

7.5CVSS6.4AI score0.00343EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.105 views

CVE-2024-25986

CVE-2024-25986 affects the drm_fw.c component’s ppmp_unprotect_buf logic, enabling possible protection-memory compromise and local escalation of privilege to TEE without extra execution privileges; user interaction is not required. No exploitation details or patch information are provided in the ...

7.8CVSS6.9AI score0.00092EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.105 views

CVE-2024-40651

CVE-2024-40651 describes a possible local escalation of privilege in the Android kernel stemming from a use-after-free caused by a logic error (exact component not disclosed in provided documents). The vulnerability, as described across multiple sources, can be exploited with local access and doe...

8.4CVSS7.3AI score0.00086EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.105 views

CVE-2024-43080

CVE-2024-43080 affects Android’s AppRestrictionsFragment.java, where unsafe deserialization can lead to a local escalation of privilege. The issue enables privilege elevation with no extra execution privileges, and exploitation requires user interaction. The CVE entry provides a high impact asses...

7.8CVSS7.2AI score0.00122EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.105 views

CVE-2024-43083

Modes C: CVE-2024-43083 affects Google Android WiFi stack. The vulnerability is in the validate() function of WifiConfigurationUtil.java and can cause a persistent denial of service via resource exhaustion, leading to local DoS with no required user interaction. Documented impact is DoS with avai...

6.2CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.105 views

CVE-2025-48572

CVE-2025-48572 is an Android Framework privilege-escalation vulnerability. It stems from improper input validation in the Framework component, allowing a local application to launch activities from background and execute arbitrary code with elevated privileges. Affected products are Android devic...

7.8CVSS6.5AI score0.00232EPSS
In wild
CVE
CVE
added 2026/03/02 6:43 p.m.105 views

CVE-2026-0047

In Android, CVE-2026-0047 relates to a missing permission check in ActivityManagerService.java’s dumpBitmapsProto, allowing an app to access private information and achieve local privilege escalation with no extra execution privileges or user interaction required. The description notes a local es...

8.4CVSS6.1AI score0.00138EPSS
CVE
CVE
added 2022/05/03 8:4 p.m.104 views

CVE-2022-20105

CVE-2022-20105 concerns MediaTek MM service vulnerable to a stack-based buffer overflow causing an out-of-bounds write, enabling local privilege escalation with SYSTEM-level execution privileges required by the exploit. All sources consistently describe the flaw as a local, no-user-interaction vu...

6.7CVSS6.8AI score0.00129EPSS
CVE
CVE
added 2022/06/15 1:20 p.m.104 views

CVE-2022-20170

CVE-2022-20170 affects Google Pixel modem/Kernel stack (Pixel modem) and enables a remote code execution via a zero-click attack that could downgrade the device to 2G and seize control of the handset. Publicly documented as a critical, network-exposed vulnerability (CVSS v3.1 score 9.8). Google p...

10CVSS9.1AI score0.00509EPSS
CVE
CVE
added 2022/08/11 3:3 p.m.104 views

CVE-2022-20400

CVE-2022-20400 affects Android kernel code, specifically the cd_CodeMsg path in cd_codec.c, where a missing bounds check can cause an out-of-bounds write. This leads to remote code execution with no privileges required and no user interaction, as indicated by the description and NVD metrics (CVSS...

9.8CVSS9.3AI score0.00546EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.104 views

CVE-2022-22272

CVE-2022-22272 affects TelephonyManager in Samsung/Android prior to the SMR Jan-2022 Release 1. The issue is improper authorization that allows an attacker to obtain the IMSI without READ_PRIVILEGED_PHONE_STATE permission. Root cause is insufficient access control in TelephonyManager’s handling o...

4CVSS4.1AI score0.00102EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.104 views

CVE-2022-47486

CVE-2022-47486 affects the ext4fsfilter driver and is caused by a missing bounds check that enables an out‑of‑bounds read. The consequence is a possible local denial of service with System privileges required. Public details in the provided documents consistently describe the issue as a local DoS...

4.4CVSS4.6AI score0.00096EPSS
CVE
CVE
added 2023/06/06 5:12 a.m.104 views

CVE-2022-48391

CVE-2022-48391 describes a missing permission check in the telephony service, leading to a local Denial of Service with no additional execution privileges. Connected sources reference Android/Unisoc components and related CVE mappings, but no explicit affected versions, vendor details, or availab...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.104 views

CVE-2023-20621

CVE-2023-20621 affects tinysys and describes an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation with System privileges and no user interaction required. Public details indicate a patch ID ALPS07664755 (Issue ALPS07664755) exists, but the exact vulnerable ...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.104 views

CVE-2023-20653

MediaTek CVE-2023-20653 describes an out-of-bounds write in the keyinstall component due to a missing bounds check, enabling local escalation of privilege with System execution privileges required and no user interaction. The issue is tied to the patch ALPS07628168 (Issue ALPS07589144). Exploitat...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.104 views

CVE-2023-20654

CVE-2023-20654 affects MediaTek keyinstall: an out-of-bounds write due to a missing bounds check can cause local elevation of privilege with system execution privileges. No user interaction is required. Affected item is keyinstall (MediaTek ALPS family); patch ALPS07628168 is referenced, with Iss...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.104 views

CVE-2024-20009

CVE-2024-20009 concerns MediaTek’s alac decoder where an out-of-bounds write can occur due to incorrect error handling. The vulnerability could enable remote escalation of privilege with no additional execution privileges required, and exploitation requires user interaction. The issue is document...

8.8CVSS8.6AI score0.00378EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.104 views

CVE-2024-22006

CVE-2024-22006 describes an out-of-bounds read in the TMU plugin that enables memory disclosure within the device’s power-management subsystem. Public sources list this as an information disclosure-type vulnerability with a CVSSv3.1 base score of 5.3 (Network attack vector, Low confidentiality im...

5.3CVSS6.6AI score0.00226EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.104 views

CVE-2024-22009

CVE-2024-22009 is an out-of-bounds write in the init_data function causing local privilege escalation with no user interaction required. Documented impact is high (CVE affects Google Pixel ACPM path; exploit would grant elevated privileges locally). Root cause: missing bounds check leading to an ...

7.1CVSS7AI score0.00086EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.104 views

CVE-2024-27204

CVE-2024-27204 involves an out-of-bounds write in tmu_set_gov_active of tmu.c caused by a missing bounds check. The issue allows local escalation of privilege with no additional privileges required and does not require user interaction. Connected sources confirm the vulnerability in media/firmwar...

8.4CVSS7AI score0.00107EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.104 views

CVE-2024-27207

CVE-2024-27207 affects Android/Google Pixel devices and is described as an elevation-of-privilege issue caused by exported broadcast receivers that can bypass broadcast protection. The Red Hat/NVD entries reiterate the export receivers vulnerability with the same description, and the Android Pixe...

9.1CVSS6.8AI score0.00259EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.104 views

CVE-2024-34724

CVE-2024-34724 describes a race condition in the kernel function _UnrefAndMaybeDestroy (pmr.c) that can enable arbitrary code execution and local escalation of privilege without user interaction. The vulnerability is rooted in race timing within memory/reference handling, allowing a local attacke...

7CVSS7.4AI score0.00081EPSS
CVE
CVE
added 2024/11/13 5:13 p.m.104 views

CVE-2024-34747

CVE-2024-34747 is described across multiple sources as a use‑after‑free in the DevmemXIntMapPages path of devicemem_server.c. The underlying flaw is a logic error that can enable local escalation of privilege in the kernel without additional execution privileges and without user interaction. The ...

8.4CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.104 views

CVE-2024-40654

CVE-2024-40654 is an Android issue described across multiple sources as a privilege bypass (confused deputy) that could enable local escalation of privilege. Exploitation is noted to require user interaction in at least one description, with impact described as high (confidentiality, integrity, a...

7.8CVSS7.2AI score0.0008EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.104 views

CVE-2024-43082

CVE-2024-43082 concerns an information-disclosure flaw in Android involving the onActivityResult path of the EditUserPhotoController.java. The root cause is a confused deputy leading to a cross-user media read, enabling local information disclosure without extra execution privileges. The exploit ...

5.5CVSS6.2AI score0.00101EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.103 views

CVE-2017-0752

CVE-2017-0752 is an elevation-of-privilege issue in the Android framework (windowmanager) affecting Android 4.4.4 through 7.1.2. Root cause: privilege escalation via windowmanager overlay/toast-style interaction (no exploit details provided in the sources). Impact is described as high (confidenti...

9.3CVSS7.5AI score0.0043EPSS
CVE
CVE
added 2019/06/19 7:58 p.m.103 views

CVE-2019-2011

CVE-2019-2011 affects Android 8.0–9, with a vulnerable code path in Parcel.cpp: readNullableNativeHandleNoDup, where a missing bounds check can cause an out-of-bounds write. This yields local escalation of privilege with no extra privileges or user interaction required. Impact is described as EoP...

7.8CVSS7.7AI score0.00185EPSS
CVE
CVE
added 2020/08/11 7:30 p.m.103 views

CVE-2020-0253

CVE-2020-0253 is a memory corruption (use-after-free) vulnerability in the MediaTek Multimedia Processing Driver for Android, classified as Elevation of Privilege (EoP) with High impact. Affected: Android devices using MediaTek multimedia driver; root cause: use-after-free leading to unauthorized...

10CVSS9.1AI score0.00646EPSS
CVE
CVE
added 2020/06/04 11:25 p.m.103 views

CVE-2020-13843

Technical details about CVE-2020-13843 are not provided in the supplied documents; monitor for updates.

5.5CVSS5.5AI score0.0012EPSS
CVE
CVE
added 2021/03/10 3:40 p.m.103 views

CVE-2021-0398

CVE-2021-0398 describes a local EoP in Android 11 where ActiveServices.bindServiceLocked could allow a confused deputy to launch a foreground service, requiring no user interaction. The vulnerability is rooted in bindServiceLocked in ActiveServices.java, with the potential to elevate privileges w...

7.8CVSS7.6AI score0.00127EPSS
CVE
CVE
added 2021/04/13 6:22 p.m.103 views

CVE-2021-0426

CVE-2021-0426 affects Android 11 (and referenced entries) with a vulnerability in LogEvent.cpp: parsePrimaryFieldFirstUidAnnotation that can cause a heap buffer overflow leading to local elevation of privilege. Exploitation requires no user interaction; attacker could gain higher privileges withi...

7.8CVSS7.8AI score0.00124EPSS
CVE
CVE
added 2021/04/13 6:20 p.m.103 views

CVE-2021-0445

CVE-2021-0445 affects Android 9 and 11 (WelcomeActivity.java) where a mismanaged profile in the Welcome flow introduces a confused deputy, enabling local escalation of privilege without extra execution privileges or user interaction. The issue is a residual profile condition in Startup/Welc ome f...

7.8CVSS7.7AI score0.00119EPSS
CVE
CVE
added 2022/08/11 3:3 p.m.103 views

CVE-2022-20384

CVE-2022-20384 is referenced in Pixel security bulletin as an Elevation of Privilege in the Modem component affecting Google Pixel devices (Modem stack). The bulletin groups it under Pixel issues and indicates affected devices receive patches at the 2022-08-05 security level. No explicit root-cau...

9.8CVSS9AI score0.00306EPSS
Total number of security vulnerabilities8153