8153 matches found
CVE-2022-20464
CVE-2022-20464 affects Android’s audio processing path in ap_input_processor.c (Android kernel). The logic error can allow recording audio during a phone call, causing local information disclosure. Impact is confidentiality loss (HIGH) with access locally from a user with LOW privileges and no us...
CVE-2022-2984
CVE-2022-2984 affects the jpg driver in the Linux kernel. The root cause is a missing bounds check that can cause an out-of-bounds write, leading to local Denial of Service. The available connected documents consistently state a kernel-level impact but do not provide exploit details, affected ker...
CVE-2022-38673
CVE-2022-38673 affects the face detect driver and relates to an out-of-bounds write caused by a missing bounds check. The impact stated across the provided sources is local denial of service in kernel space. The connected documents (Red Hat, OSV, NVD, etc.) consistently describe the same issue bu...
CVE-2023-21402
CVE-2023-21402 affects the PowerVR GPU driver (Imagination Technologies) in Android/ChromeOS via the MMU_UnmapPages() function in mmu_common.c. The issue is an out-of-bounds read caused by improper input validation, enabling local escalation of privilege in the kernel with no user interaction req...
CVE-2023-32818
MediaTek vdec component is affected by CVE-2023-32818 due to a type confusion that can trigger an out-of-bounds write, enabling local escalation of privilege with SYSTEM-level privileges required. Exploitation is reported as not needing user interaction. The patch IDs provided are ALPS08163896 an...
CVE-2023-32819
CVE-2023-32819 affects MediaTek components (display path) with a missing bounds check, causing information disclosure that could lead to local escalation of privileges (System level) without user interaction. The issue is documented under patch ALPS07993705 and is referenced across multiple feeds...
CVE-2024-27213
The CVE-2024-27213 issue is a use-after-free in BroadcastSystemMessage within servicemgr.cpp that could allow Remote Code Execution, causing local elevation of privilege with no user interaction required. The available documents confirm the vulnerable component and the general impact (RCE and LPE...
CVE-2024-27235
CVE-2024-27235 is documented in Google Pixel security updates as affecting the ACPM component (Pixel). The root cause is an out-of-bounds read in the plugin_extern_func due to a missing bounds check, leading to possible local information disclosure with no required user interaction. The vulnerabi...
CVE-2024-31334
CVE-2024-31334 affects the DevmemIntFreeDefBackingPage function in the Android/Linux kernel code path devicemem_server.c. The described logic error could allow arbitrary code execution leading to local elevation of privilege without requiring user interaction. Exploitation is local (no remote vec...
CVE-2020-0437
CVE-2020-0437 affects Android's CellBroadcastReceiver: a missing permission check in the intent handlers can allow a local attacker to cause a denial of service of emergency alerts without extra privileges or user interaction. The vulnerability is listed against Android versions 8.0–11. Exploitat...
CVE-2021-0635
CVE-2021-0635 affects the Video component (Unisoc/Android 10) where extracting an incorrectly formatted FLV file can corrupt memory, causing a crash and video playback failure. The Red Hat/NVD entries describe potential for malicious code execution leading to loss of user rights, with CVSS 3.1 ba...
CVE-2022-20033
CVE-2022-20033 affects the camera driver in MediaTek-based devices. The root cause is an incorrect bounds check that enables an out-of-bounds read, leading to local information disclosure and potential System-level execution privileges. Exploitation reportedly does not require user interaction. A...
CVE-2022-20051
CVE-2022-20051 affects the ims service and is linked to incorrect privilege assignment that can cause unexpected application behavior and local denial of service without requiring user interaction or additional privileges. The vulnerability is mitigated by patch ALPS06219127 (Issue ALPS06219127);...
CVE-2022-20103
In CVE-2022-20103, aee daemon is vulnerable to information disclosure via symbolic link following, enabling local information exposure and requiring system privileges for exploitation. Exploitation reportedly does not require user interaction. The vulnerability is associated with patch ALPS063839...
CVE-2022-20201
The CVE-2022-20201 issue affects Android's InstalldNativeService.cpp, specifically the getAppSize function, where a missing bounds check can cause an out-of-bounds read. This enables local escalation of privileges with System execution privileges implied, and exploitation does not require user in...
CVE-2022-20378
CVE-2022-20378 affects Android kernel and Pixel modem. The Pixel security bulletin lists it under the Kernel/Modem category as an Elevation of Privilege (EoP) issue with “Modem” as the component and indicates a high-severity impact, corroborated by NVD’s CVSS v3.1 base score of 9.8 (CRITICAL) wit...
CVE-2022-20535
CVE-2022-20535 affects Android 13 via a side-channel in WifiManager.registerLocalOnlyHotspotSoftApCallback that can reveal whether an app is installed without query permissions, enabling local information disclosure. Exploitation requires local access; no user interaction is needed. The issue is ...
CVE-2022-21750
CVE-2022-21750 affects MediaTek WLAN drivers and describes an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation with System execution privileges required. The vulnerability is exploitable without user interaction, per the description. Connected sources conf...
CVE-2022-21759
CVE-2022-21759 describes an out-of-bounds write in the power service caused by a missing bounds check, enabling local privilege escalation to System privileges without user interaction. Multiple sources (NVD, Red Hat, PRION, CVE lists) confirm the issue and states a patch is available (Patch ID A...
CVE-2022-23429
CVE-2022-23429 describes an improper boundary check in the Android audio HAL service prior to SMR Feb-2022 Release 1, allowing local attackers to read invalid memory and cause an application crash. In the provided connected records, the vulnerability is documented across multiple sources (NVD, Re...
CVE-2022-25821
CVE-2022-25821 affects Samsung’s Shannon baseband (SMS handling). The vulnerability arises from improper use of the SMS buffer pointer, enabling an out-of-bounds read. Public sources describe impact as read access to memory due to buffer mismanagement in Shannon baseband prior to SMR Mar-2022 Rel...
CVE-2022-38670
The CVE-2022-38670 entry describes a vulnerability in the soundrecorder service caused by a missing permission check, potentially enabling local elevation of privilege in the contacts service without requiring additional execution privileges. Connected documents (RH/CVE, NVD, OSV entries) confirm...
CVE-2023-40141
The CVE-2023-40141 issue affects the temp_residency_name_store function in thermal_metrics.c, where a missing bounds check enables an out-of-bounds write. This is described as a potential local privilege escalation with no additional execution privileges required and no user interaction needed. C...
CVE-2023-48340
CVE-2023-48340 is linked to Unisoc Android video decoder and corresponds to an out-of-bounds write caused by improper input validation. The result is local denial of service with no extra privileges required. Publicly detailed exploit vectors or fixes are not provided in the connected documents; ...
CVE-2024-34726
The CVE-2024-34726 issue is in PVRSRV_MMap (pvr_bridge_k.c) of the PVR bridge kernel module. A logic error in PVRSRV_MMap can allow arbitrary code execution, enabling local kernel escalation of privilege with no extra execution privileges and without user interaction. The available documents do n...
CVE-2024-43087
Android vulnerability CVE-2024-43087 affects the accessibility subsystem: in AccessibilitySettings.java, getInstalledAccessibilityPreferences contains a logic flaw that can allow hiding an enabled accessibility service in the settings. This could enable local escalation of privilege with no extra...
CVE-2024-43088
CVE-2024-43088 describes a local privilege escalation in Android involving multiple functions in AppInfoBase.java where a missing permission check allows manipulating another user’s app permission settings. Exploitation requires local access and does not need user interaction; no public exploit d...
CVE-2024-44096
CVE-2024-44096 affects Google Pixel devices (Android) and is caused by an insecure default value that enables an arbitrary read, potentially leading to local information disclosure with system execution privileges. Exploitation does not require user interaction. The issue is listed in the Pixel s...
CVE-2026-20435
CVE-2026-20435 concerns a logic error in the preloader of MediaTek-based devices that allows reading device unique identifiers. The vulnerability can enable local information disclosure with physical access and no required user interaction or execution privileges. Affected component: preloader; u...
CVE-2015-8967
From connected documents: CVE-2015-8967 affects the Linux kernel's arch/arm64/kernel/sys.c prior to version 4.0. Local users with write access can bypass the kernel’s strict page permissions and modify the system-call table to gain privileges, implying local privilege escalation. A patch/commit a...
CVE-2017-13216
CVE-2017-13216 affects Android kernel ashmem: in ashmem_ioctl, an out-of-bounds write occurs due to insufficient locking when accessing asma. This can enable local privilege escalation and code execution within a privileged process, with no user interaction required. Public advisories describe th...
CVE-2020-0254
CVE-2020-0254 is an information-disclosure vulnerability in Android’s MediaTek Multimedia Processing Driver. It stems from an incorrect bounds check, which could allow an out-of-bounds read. The issue is associated with the MediaTek component in Android and is documented in the Android 2020 secur...
CVE-2020-27067
CVE-2020-27067 affects the Android kernel’s l2tp subsystem, where a race condition can cause a use-after-free leading to local privilege escalation. Exploitation is described as requiring local access with no user interaction. The provided documents specify the affected product area and the impac...
CVE-2021-0442
CVE-2021-0442 affects Android 11 in the Framework component, specifically in updateInfo of android_hardware_input_InputApplicationHandle.cpp. The issue is a use-after-free that can control code flow, enabling local elevation of privilege with no additional execution privileges required. Exploitat...
CVE-2021-0577
CVE-2021-0577 affects the Android flv extractor component. The issue is described as an out-of-bounds write caused by a heap buffer overflow, leading to local privilege escalation with no additional execution privileges required and no user interaction needed. The vulnerability is labeled high se...
CVE-2021-0680
CVE-2021-0680 : Affects Android on MediaTek components (System properties) where a missing permission check in system properties could allow local information disclosure without user interaction. Impact: disclosure of sensitive data on the device. Root cause per connected sources: insufficient ac...
CVE-2021-0904
Summary: CVE-2021-0904 affects SRAMROM and describes a possible permission bypass due to an insecure permission setting, enabling local escalation of privilege with System execution privileges required. Exploitation is reported as requiring no user interaction. Affecting components: MediaTek/ALPS...
CVE-2022-20036
CVE-2022-20036 affects the ion driver and is caused by an incorrect bounds check, leading to local information disclosure with no additional privileges required and no user interaction. The impact is described as partial confidentiality loss, without exploitation details provided. A patch/mitigat...
CVE-2022-20041
CVE-2022-20041 concerns the Bluetooth subsystem with a missing permission check that can enable local privilege escalation without user interaction. The available reports consistently describe a local escalation of privilege, with the exploit requiring no extra execution privileges. The vulnerabi...
CVE-2022-20059
CVE-2022-20059 concerns a boundary-check omission in the preloader (usb) leading to an out-of-bounds write and local privilege escalation with physical access. The entry notes user interaction is required for exploitation. Connected sources specify affected MediaTek MT line chips (e.g., MT6761/MT...
CVE-2022-20171
CVE-2022-20171 is a Critical remote code execution vulnerability affecting Google Pixel modem components, disclosed in the Pixel Update Bulletin (June 2022). The NVD entry lists CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-based exploitation with no user interaction could co...
CVE-2022-20172
CVE-2022-20172 concerns the Android kernel component ShannonRcsService.java, where the onbind method lacks a necessary permission check. This can enable local information disclosure without requiring additional execution privileges or user interaction, per multiple sources. Affected context is de...
CVE-2022-20190
Technical details for CVE-2022-20190 are not publicly available in the provided documents. No concrete information on affected components, root cause, impact, or fixes is present. Monitor for updates.
CVE-2022-20370
CVE-2022-20370 ties to Android kernel/modem firmware with Android bug ID A-215730643. Pixel bulletin classifies it under Modem with type ID and Moderate severity; NVD describes a kernel-related issue affecting Android kernel (CVSSv3.1: 7.5, Network exploit, no user interaction). Some connected so...
CVE-2022-2985
CVE-2022-2985 : In the Android music service, a missing permission check could allow a local attacker to elevate privileges in the contacts service without any additional execution privileges. The vulnerability is described consistently across sources (NVD/CVE entry, CNVD, CNSC/NCSC advisories, O...
CVE-2022-39131
The CVE-2022-39131 entry concerns a memory corruption issue in a camera driver caused by improper locking, leading to local denial of service in the kernel. The affected component is described as the camera driver (no specific vendor/model in the provided documents). The root cause is improper sy...
CVE-2022-47469
CVE-2022-47469 affects the ext4fsfilter driver. A missing bounds check can cause an out-of-bounds read, leading to local denial of service with System privileges required. Public exploitation details are not provided in the supplied documents. No explicit remediation/version fix is stated within ...
CVE-2022-48390
CVE-2022-48390 affects Unisoc Android telephony components and is caused by a missing permission check in the telephony service, enabling local escalation of privilege with no additional execution privileges. The issue is listed across multiple sources (NVD/Red Hat/Android bulletin), and Android ...
CVE-2022-48456
CVE-2022-48456 is described as an out-of-bounds write in the camera driver that can lead to local denial of service with System execution privileges. Multiple connected records (NVD entry; Red Hat advisory; EU/OSV mentions) identify this as involving an Unisoc kernel/component issue, specifically...
CVE-2022-48457
CVE-2022-48457 affects TeleService, where improper input validation can cause a local system crash, resulting in a denial of service with no additional privileges required. The available sources describe the vulnerability as a local DoS due to input validation issues, but do not specify affected ...