Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/10/14 12:0 a.m.103 views

CVE-2022-20464

CVE-2022-20464 affects Android’s audio processing path in ap_input_processor.c (Android kernel). The logic error can allow recording audio during a phone call, causing local information disclosure. Impact is confidentiality loss (HIGH) with access locally from a user with LOW privileges and no us...

5.5CVSS5AI score0.00095EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.103 views

CVE-2022-2984

CVE-2022-2984 affects the jpg driver in the Linux kernel. The root cause is a missing bounds check that can cause an out-of-bounds write, leading to local Denial of Service. The available connected documents consistently state a kernel-level impact but do not provide exploit details, affected ker...

5.5CVSS5.4AI score0.00117EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.103 views

CVE-2022-38673

CVE-2022-38673 affects the face detect driver and relates to an out-of-bounds write caused by a missing bounds check. The impact stated across the provided sources is local denial of service in kernel space. The connected documents (Red Hat, OSV, NVD, etc.) consistently describe the same issue bu...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.103 views

CVE-2023-21402

CVE-2023-21402 affects the PowerVR GPU driver (Imagination Technologies) in Android/ChromeOS via the MMU_UnmapPages() function in mmu_common.c. The issue is an out-of-bounds read caused by improper input validation, enabling local escalation of privilege in the kernel with no user interaction req...

9.8CVSS8.3AI score0.00414EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.103 views

CVE-2023-32818

MediaTek vdec component is affected by CVE-2023-32818 due to a type confusion that can trigger an out-of-bounds write, enabling local escalation of privilege with SYSTEM-level privileges required. Exploitation is reported as not needing user interaction. The patch IDs provided are ALPS08163896 an...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.103 views

CVE-2023-32819

CVE-2023-32819 affects MediaTek components (display path) with a missing bounds check, causing information disclosure that could lead to local escalation of privileges (System level) without user interaction. The issue is documented under patch ALPS07993705 and is referenced across multiple feeds...

4.4CVSS4.3AI score0.00085EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.103 views

CVE-2024-27213

The CVE-2024-27213 issue is a use-after-free in BroadcastSystemMessage within servicemgr.cpp that could allow Remote Code Execution, causing local elevation of privilege with no user interaction required. The available documents confirm the vulnerable component and the general impact (RCE and LPE...

8.4CVSS7.6AI score0.00117EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.103 views

CVE-2024-27235

CVE-2024-27235 is documented in Google Pixel security updates as affecting the ACPM component (Pixel). The root cause is an out-of-bounds read in the plugin_extern_func due to a missing bounds check, leading to possible local information disclosure with no required user interaction. The vulnerabi...

5.5CVSS6AI score0.00084EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.103 views

CVE-2024-31334

CVE-2024-31334 affects the DevmemIntFreeDefBackingPage function in the Android/Linux kernel code path devicemem_server.c. The described logic error could allow arbitrary code execution leading to local elevation of privilege without requiring user interaction. Exploitation is local (no remote vec...

7.8CVSS7.4AI score0.001EPSS
CVE
CVE
added 2020/11/10 12:52 p.m.102 views

CVE-2020-0437

CVE-2020-0437 affects Android's CellBroadcastReceiver: a missing permission check in the intent handlers can allow a local attacker to cause a denial of service of emergency alerts without extra privileges or user interaction. The vulnerability is listed against Android versions 8.0–11. Exploitat...

5.5CVSS5.3AI score0.00143EPSS
CVE
CVE
added 2021/10/06 2:12 p.m.102 views

CVE-2021-0635

CVE-2021-0635 affects the Video component (Unisoc/Android 10) where extracting an incorrectly formatted FLV file can corrupt memory, causing a crash and video playback failure. The Red Hat/NVD entries describe potential for malicious code execution leading to loss of user rights, with CVSS 3.1 ba...

7.8CVSS7.5AI score0.00301EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.102 views

CVE-2022-20033

CVE-2022-20033 affects the camera driver in MediaTek-based devices. The root cause is an incorrect bounds check that enables an out-of-bounds read, leading to local information disclosure and potential System-level execution privileges. Exploitation reportedly does not require user interaction. A...

4.4CVSS4.2AI score0.00123EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.102 views

CVE-2022-20051

CVE-2022-20051 affects the ims service and is linked to incorrect privilege assignment that can cause unexpected application behavior and local denial of service without requiring user interaction or additional privileges. The vulnerability is mitigated by patch ALPS06219127 (Issue ALPS06219127);...

5.5CVSS5.4AI score0.00101EPSS
CVE
CVE
added 2022/05/03 8:3 p.m.102 views

CVE-2022-20103

In CVE-2022-20103, aee daemon is vulnerable to information disclosure via symbolic link following, enabling local information exposure and requiring system privileges for exploitation. Exploitation reportedly does not require user interaction. The vulnerability is associated with patch ALPS063839...

4.4CVSS4.3AI score0.00129EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.102 views

CVE-2022-20201

The CVE-2022-20201 issue affects Android's InstalldNativeService.cpp, specifically the getAppSize function, where a missing bounds check can cause an out-of-bounds read. This enables local escalation of privileges with System execution privileges implied, and exploitation does not require user in...

6.7CVSS6.6AI score0.00122EPSS
CVE
CVE
added 2022/08/11 3:1 p.m.102 views

CVE-2022-20378

CVE-2022-20378 affects Android kernel and Pixel modem. The Pixel security bulletin lists it under the Kernel/Modem category as an Elevation of Privilege (EoP) issue with “Modem” as the component and indicates a high-severity impact, corroborated by NVD’s CVSS v3.1 base score of 9.8 (CRITICAL) wit...

9.8CVSS9AI score0.00321EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.102 views

CVE-2022-20535

CVE-2022-20535 affects Android 13 via a side-channel in WifiManager.registerLocalOnlyHotspotSoftApCallback that can reveal whether an app is installed without query permissions, enabling local information disclosure. Exploitation requires local access; no user interaction is needed. The issue is ...

3.3CVSS3.5AI score0.00118EPSS
CVE
CVE
added 2022/06/06 5:36 p.m.102 views

CVE-2022-21750

CVE-2022-21750 affects MediaTek WLAN drivers and describes an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation with System execution privileges required. The vulnerability is exploitable without user interaction, per the description. Connected sources conf...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/06/06 5:40 p.m.102 views

CVE-2022-21759

CVE-2022-21759 describes an out-of-bounds write in the power service caused by a missing bounds check, enabling local privilege escalation to System privileges without user interaction. Multiple sources (NVD, Red Hat, PRION, CVE lists) confirm the issue and states a patch is available (Patch ID A...

6.7CVSS6.7AI score0.0013EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.102 views

CVE-2022-23429

CVE-2022-23429 describes an improper boundary check in the Android audio HAL service prior to SMR Feb-2022 Release 1, allowing local attackers to read invalid memory and cause an application crash. In the provided connected records, the vulnerability is documented across multiple sources (NVD, Re...

5.3CVSS4.6AI score0.001EPSS
CVE
CVE
added 2022/03/08 1:47 p.m.102 views

CVE-2022-25821

CVE-2022-25821 affects Samsung’s Shannon baseband (SMS handling). The vulnerability arises from improper use of the SMS buffer pointer, enabling an out-of-bounds read. Public sources describe impact as read access to memory due to buffer mismanagement in Shannon baseband prior to SMR Mar-2022 Rel...

7.1CVSS6.9AI score0.00109EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.102 views

CVE-2022-38670

The CVE-2022-38670 entry describes a vulnerability in the soundrecorder service caused by a missing permission check, potentially enabling local elevation of privilege in the contacts service without requiring additional execution privileges. Connected documents (RH/CVE, NVD, OSV entries) confirm...

7.8CVSS7.6AI score0.0011EPSS
CVE
CVE
added 2023/10/11 7:26 p.m.102 views

CVE-2023-40141

The CVE-2023-40141 issue affects the temp_residency_name_store function in thermal_metrics.c, where a missing bounds check enables an out-of-bounds write. This is described as a potential local privilege escalation with no additional execution privileges required and no user interaction needed. C...

7.8CVSS7.8AI score0.00091EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.102 views

CVE-2023-48340

CVE-2023-48340 is linked to Unisoc Android video decoder and corresponds to an out-of-bounds write caused by improper input validation. The result is local denial of service with no extra privileges required. Publicly detailed exploit vectors or fixes are not provided in the connected documents; ...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.102 views

CVE-2024-34726

The CVE-2024-34726 issue is in PVRSRV_MMap (pvr_bridge_k.c) of the PVR bridge kernel module. A logic error in PVRSRV_MMap can allow arbitrary code execution, enabling local kernel escalation of privilege with no extra execution privileges and without user interaction. The available documents do n...

7.8CVSS7.4AI score0.00111EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.102 views

CVE-2024-43087

Android vulnerability CVE-2024-43087 affects the accessibility subsystem: in AccessibilitySettings.java, getInstalledAccessibilityPreferences contains a logic flaw that can allow hiding an enabled accessibility service in the settings. This could enable local escalation of privilege with no extra...

8.4CVSS7.4AI score0.00112EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.102 views

CVE-2024-43088

CVE-2024-43088 describes a local privilege escalation in Android involving multiple functions in AppInfoBase.java where a missing permission check allows manipulating another user’s app permission settings. Exploitation requires local access and does not need user interaction; no public exploit d...

8.4CVSS7.3AI score0.00175EPSS
CVE
CVE
added 2024/09/13 8:28 p.m.102 views

CVE-2024-44096

CVE-2024-44096 affects Google Pixel devices (Android) and is caused by an insecure default value that enables an arbitrary read, potentially leading to local information disclosure with system execution privileges. Exploitation does not require user interaction. The issue is listed in the Pixel s...

4.4CVSS6.4AI score0.00078EPSS
CVE
CVE
added 2026/03/02 8:39 a.m.102 views

CVE-2026-20435

CVE-2026-20435 concerns a logic error in the preloader of MediaTek-based devices that allows reading device unique identifiers. The vulnerability can enable local information disclosure with physical access and no required user interaction or execution privileges. Affected component: preloader; u...

4.6CVSS6.1AI score0.00115EPSS
CVE
CVE
added 2016/12/08 9:0 p.m.101 views

CVE-2015-8967

From connected documents: CVE-2015-8967 affects the Linux kernel's arch/arm64/kernel/sys.c prior to version 4.0. Local users with write access can bypass the kernel’s strict page permissions and modify the system-call table to gain privileges, implying local privilege escalation. A patch/commit a...

9.3CVSS8AI score0.00833EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.101 views

CVE-2017-13216

CVE-2017-13216 affects Android kernel ashmem: in ashmem_ioctl, an out-of-bounds write occurs due to insufficient locking when accessing asma. This can enable local privilege escalation and code execution within a privileged process, with no user interaction required. Public advisories describe th...

7.8CVSS8AI score0.00949EPSS
CVE
CVE
added 2020/08/11 7:31 p.m.101 views

CVE-2020-0254

CVE-2020-0254 is an information-disclosure vulnerability in Android’s MediaTek Multimedia Processing Driver. It stems from an incorrect bounds check, which could allow an out-of-bounds read. The issue is associated with the MediaTek component in Android and is documented in the Android 2020 secur...

7.8CVSS7.3AI score0.00486EPSS
CVE
CVE
added 2020/12/15 4:17 p.m.101 views

CVE-2020-27067

CVE-2020-27067 affects the Android kernel’s l2tp subsystem, where a race condition can cause a use-after-free leading to local privilege escalation. Exploitation is described as requiring local access with no user interaction. The provided documents specify the affected product area and the impac...

6.4CVSS7.3AI score0.00135EPSS
CVE
CVE
added 2021/04/13 6:23 p.m.101 views

CVE-2021-0442

CVE-2021-0442 affects Android 11 in the Framework component, specifically in updateInfo of android_hardware_input_InputApplicationHandle.cpp. The issue is a use-after-free that can control code flow, enabling local elevation of privilege with no additional execution privileges required. Exploitat...

7.8CVSS7.8AI score0.00119EPSS
CVE
CVE
added 2021/07/14 1:46 p.m.101 views

CVE-2021-0577

CVE-2021-0577 affects the Android flv extractor component. The issue is described as an out-of-bounds write caused by a heap buffer overflow, leading to local privilege escalation with no additional execution privileges required and no user interaction needed. The vulnerability is labeled high se...

7.8CVSS7.8AI score0.00137EPSS
CVE
CVE
added 2021/10/06 2:12 p.m.101 views

CVE-2021-0680

CVE-2021-0680 : Affects Android on MediaTek components (System properties) where a missing permission check in system properties could allow local information disclosure without user interaction. Impact: disclosure of sensitive data on the device. Root cause per connected sources: insufficient ac...

5.5CVSS5.1AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.101 views

CVE-2021-0904

Summary: CVE-2021-0904 affects SRAMROM and describes a possible permission bypass due to an insecure permission setting, enabling local escalation of privilege with System execution privileges required. Exploitation is reported as requiring no user interaction. Affecting components: MediaTek/ALPS...

7.2CVSS6.8AI score0.00134EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.101 views

CVE-2022-20036

CVE-2022-20036 affects the ion driver and is caused by an incorrect bounds check, leading to local information disclosure with no additional privileges required and no user interaction. The impact is described as partial confidentiality loss, without exploitation details provided. A patch/mitigat...

5.5CVSS5.1AI score0.00118EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.101 views

CVE-2022-20041

CVE-2022-20041 concerns the Bluetooth subsystem with a missing permission check that can enable local privilege escalation without user interaction. The available reports consistently describe a local escalation of privilege, with the exploit requiring no extra execution privileges. The vulnerabi...

7.8CVSS7.6AI score0.00134EPSS
CVE
CVE
added 2022/03/09 5:3 p.m.101 views

CVE-2022-20059

CVE-2022-20059 concerns a boundary-check omission in the preloader (usb) leading to an out-of-bounds write and local privilege escalation with physical access. The entry notes user interaction is required for exploitation. Connected sources specify affected MediaTek MT line chips (e.g., MT6761/MT...

6.6CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2022/06/15 1:20 p.m.101 views

CVE-2022-20171

CVE-2022-20171 is a Critical remote code execution vulnerability affecting Google Pixel modem components, disclosed in the Pixel Update Bulletin (June 2022). The NVD entry lists CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-based exploitation with no user interaction could co...

10CVSS9AI score0.00483EPSS
CVE
CVE
added 2022/06/15 1:20 p.m.101 views

CVE-2022-20172

CVE-2022-20172 concerns the Android kernel component ShannonRcsService.java, where the onbind method lacks a necessary permission check. This can enable local information disclosure without requiring additional execution privileges or user interaction, per multiple sources. Affected context is de...

5.5CVSS5.1AI score0.00103EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.101 views

CVE-2022-20190

Technical details for CVE-2022-20190 are not publicly available in the provided documents. No concrete information on affected components, root cause, impact, or fixes is present. Monitor for updates.

7.8CVSS7.4AI score0.0043EPSS
CVE
CVE
added 2022/08/11 3:0 p.m.101 views

CVE-2022-20370

CVE-2022-20370 ties to Android kernel/modem firmware with Android bug ID A-215730643. Pixel bulletin classifies it under Modem with type ID and Moderate severity; NVD describes a kernel-related issue affecting Android kernel (CVSSv3.1: 7.5, Network exploit, no user interaction). Some connected so...

7.5CVSS7.4AI score0.0028EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.101 views

CVE-2022-2985

CVE-2022-2985 : In the Android music service, a missing permission check could allow a local attacker to elevate privileges in the contacts service without any additional execution privileges. The vulnerability is described consistently across sources (NVD/CVE entry, CNVD, CNSC/NCSC advisories, O...

7.8CVSS7.6AI score0.00152EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.101 views

CVE-2022-39131

The CVE-2022-39131 entry concerns a memory corruption issue in a camera driver caused by improper locking, leading to local denial of service in the kernel. The affected component is described as the camera driver (no specific vendor/model in the provided documents). The root cause is improper sy...

5.5CVSS5.5AI score0.00067EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.101 views

CVE-2022-47469

CVE-2022-47469 affects the ext4fsfilter driver. A missing bounds check can cause an out-of-bounds read, leading to local denial of service with System privileges required. Public exploitation details are not provided in the supplied documents. No explicit remediation/version fix is stated within ...

4.4CVSS4.6AI score0.00096EPSS
CVE
CVE
added 2023/06/06 5:12 a.m.101 views

CVE-2022-48390

CVE-2022-48390 affects Unisoc Android telephony components and is caused by a missing permission check in the telephony service, enabling local escalation of privilege with no additional execution privileges. The issue is listed across multiple sources (NVD/Red Hat/Android bulletin), and Android ...

7.8CVSS7.7AI score0.00084EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.101 views

CVE-2022-48456

CVE-2022-48456 is described as an out-of-bounds write in the camera driver that can lead to local denial of service with System execution privileges. Multiple connected records (NVD entry; Red Hat advisory; EU/OSV mentions) identify this as involving an Unisoc kernel/component issue, specifically...

4.4CVSS4.8AI score0.00083EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.101 views

CVE-2022-48457

CVE-2022-48457 affects TeleService, where improper input validation can cause a local system crash, resulting in a denial of service with no additional privileges required. The available sources describe the vulnerability as a local DoS due to input validation issues, but do not specify affected ...

5.5CVSS5.4AI score0.00081EPSS
Total number of security vulnerabilities8153