8153 matches found
CVE-2025-22438
CVE-2025-22438 affects Android’s InputDispatcher.cpp, in the afterKeyEventLockedInterruptable path, where a use-after-free issue is reported. The vulnerability could enable local elevation of privilege with no additional execution privileges and no user interaction required, per the linked source...
CVE-2025-26450
CVE-2025-26450 affects Android-related code in onInputEvent of IInputMethodSessionWrapper.java. The issue allows an untrusted app to inject key and motion events to the default IME due to a missing permission check, enabling local privilege escalation with no additional privileges required. User ...
CVE-2025-26462
CVE-2025-26462 corresponds to a logic error in AccessibilityServiceConnection.java that can cause a background activity launch and local privilege escalation without user interaction. Multiple trusted sources (NVD, Red Hat, OSV) confirm the Issue, with CVSS v3.1: Local, Low UI, High impact on con...
CVE-2025-26463
CVE-2025-26463 affects Android components where the vulnerability is in the function or flow that handles allowPackageAccess across multiple files, leading to resource exhaustion. The underlying impact is a local persistent denial of service with no additional execution privileges needed and no u...
CVE-2024-49739
CVE-2024-49739 describes an out-of-bounds write in the function MMapVAccess within pmr_os.c, caused by insufficient input validation. This could enable local privilege escalation with no required user interaction. The CVE is reflected across multiple sources (NVD, Red Hat, OSV) and is associated ...
CVE-2025-22442
CVE-2025-22442 describes a race-condition in multiple functions of DevicePolicyManagerService.java that could allow installation of unauthorized apps into a newly created work profile, causing local elevation of privilege without extra execution privileges. The issue is classified as EoP with loc...
CVE-2025-26422
CVE-2025-26422 affects Android’s WindowManagerService (dumpsys) where a missing permission check could allow a local elevation of privilege. The public description notes that exploitation requires local access with no extra privileges and no user interaction. Android security bulletin entries for...
CVE-2025-22417
CVE-2025-22417 affects Android where finishTransition in Transition.java can bypass touch filtering via a tapjacking/overlay attack, enabling local elevation of privilege with no extra execution privileges required. Exploitation requires user interaction. Documents consistently describe this as a...
CVE-2025-26430
CVE-2025-26430 affects SpaAppBridgeActivity (Android). A logic error in getDestinationForApp may allow cross-user file reveal, enabling local elevation of privilege with no extra privileges and no user interaction. Documents indicate this CVE is addressed in Android security bulletins with 2025-0...
CVE-2024-49730
CVE-2024-49730 affects Android components involving FuseDaemon.cpp, where a memory corruption leads to an out-of-bounds write. This can enable local privilege escalation with no user interaction required. The issue is documented across multiple feeds (NVD/Red Hat/OSV, etc.) and is addressed in An...
CVE-2025-22431
CVE-2025-22431 is an Android Framework DoS vulnerability arising from a logic error in multiple locations that can prevent dialing emergency services under limited circumstances. The impact is local denial of service until reboot, with exploitation not requiring user interaction. The Android Secu...
CVE-2025-26424
The CVE CVE-2025-26424 concerns VpnManager.java in the Android framework, where a logic error enables cross-user data leakage. The impact is local information disclosure without extra privileges or user interaction. Exploitation details are not provided in the connected documents, and there is no...
CVE-2025-26448
The CVE-2025-26448 vulnerability is an information disclosure flaw: in CursorWindow.cpp, writeToParcel can trigger an out-of-bounds read due to uninitialized data. The impact is local information exposure without extra execution privileges, and exploitation does not require user interaction. Affe...
CVE-2024-49720
CVE-2024-49720 affects Android permissions handling in Permissions.java, where a logic error could allow a local attacker to override the user’s location permission state. The issue enables local escalation of privilege without additional execution privileges and without user interaction. Connect...
CVE-2025-26441
CVE-2025-26441 affects Google Android: an out-of-bounds read in the add_attr path of sdp_discovery.cc can cause remote information disclosure without extra privileges or user interaction. The issue is described across NVD, Red Hat, OSV, and CNVD/CVE aggregations, all citing a missing bounds check...
CVE-2025-26458
CVE-2025-26458 affects Android’s LocationProviderManager.java, where a logic error can trigger a background activity launch, enabling local elevation of privilege with no extra execution privileges or user interaction required. Multiple connected sources corroborate a local-privilege-escapable co...
CVE-2019-9453
CVE-2019-9453 corresponds to an out-of-bounds read in the Android kernel F2FS touch driver, caused by improper input validation. This can enable local information disclosure and could potentially allow system-level privileges; exploitation requires local access with no user interaction. Publicly ...
CVE-2025-26420
CVE-2025-26420 concerns Android’s GrantPermissionsActivity.java, where a permission overload vulnerability may allow an attacker to mislead a user into granting the wrong permission, enabling local privilege escalation. The issue is described across multiple feeds as affecting the System/Permissi...
CVE-2025-26432
CVE-2025-26432: A DoS vulnerability in Google Android arises from missing length checks in multiple locations, allowing local denial of service with no extra privileges and no user interaction. The issue is described across multiple CVE feeds; Android bulletin details assignability to patch level...
CVE-2025-26445
The CVE-2025-26445 entry concerns a vulnerability in Android’s ConnectivityService.java, specifically in offerNetwork, where a missing permission check can cause an information disclosure. The issue allows local information disclosure without additional execution privileges and does not require u...
CVE-2025-26449
CVE-2025-26449 is a Google Android DoS vulnerability due to resource exhaustion causing local denial of service with no user interaction. Public documents corroborate a local impact and DoS classification across Android components; the Android bulletin notes patch levels 2025-06-01 and 2025-06-05...
CVE-2025-26443
CVE-2025-26443 affects Android’s HtmlToSpannedParser.parseHtml, where a logic error could permit installing apps without enabling installation from unknown sources. This is a local privilege escalation vulnerability (local vector, requires user interaction). The issue is tied to the parseHtml pat...
CVE-2025-26453
CVE-2025-26453 concerns a cross-user information disclosure in Android Bluetooth code (BluetoothOppSendFileInfo.java) due to a logic error in isContentUriForOtherUser. The issue enables local information disclosure with no extra execution privileges and does not require user interaction. The prim...
CVE-2025-22435
The CVE-2025-22435 issue affects the Android Bluetooth stack (avdt_msg_ind in avdt_msg.cc) where a type confusion leads to memory corruption. This can enable escalation of privilege on a paired device with no additional execution privileges and no user interaction required. CVSSv3.1 metrics indic...
CVE-2022-20141
CVE-2022-20141 (Android kernel) : In igmp.c, the function ip_check_mc_rcu has a use-after-free due to improper locking, enabling local escalation of privilege when opening/closing inet sockets without extra privileges. This vulnerability is associated with the Android kernel and upstream referenc...
CVE-2016-0728
The CVE-2016-0728 issue affects the Linux kernel up to version 4.4.1, specifically in the keyring handling path join_session_keyring() within security/keys/process_keys.c. A flaw in object reference management in an error path can allow a local, unprivileged user to escalate privileges or cause a...
CVE-2018-5383
CVE-2018-5383 is a Bluetooth input-validation vulnerability affecting Apple platforms (e.g., macOS High Sierra and later, iOS 11.4 and later; also appearing in tvOS/watchOS updates per Apple advisories). The issue arises from insufficient validation of elliptic-curve parameters used during Diffie...
CVE-2020-0444
CVE-2020-0444 affects the Android kernel. The issue is in audit_free_lsm_field in auditfilter.c, caused by a logic error in audit_data_to_entry that may allow local escalation of privilege with no extra privileges or user interaction. The connected Nessus advisories (Unity Linux UTSA-2026-004184/...
CVE-2022-20345
CVE-2022-20345 affects Android 12/12L with a vulnerability in the Bluetooth L2C BLE implementation. The issue is a missing bounds check in l2cble_process_sig_cmd (l2c_ble.cc) that can cause an out-of-bounds write, enabling remote code execution over Bluetooth without user interaction. Android bul...
CVE-2023-21282
CVE-2023-21282 affects Google Android components via TRANSPOSER_SETTINGS in lpp_tran.h, with an out-of-bounds write caused by an incorrect bounds check. The impact is remote code execution with user interaction required, as stated in the CVE description and mirrored by multiple advisories (NVD en...
CVE-2023-21265
CVE-2023-21265 affects Android’s trust management by listing multiple root CA certificates that must be disabled. The underlying issue enables remote information disclosure without additional execution privileges and requires no user interaction. Public documents describe the affected area as the...
CVE-2024-50302
CVE-2024-50302 affects the Linux kernel HID core by leaving the HID report buffer potentially uninitialized, enabling possible memory leakage via crafted reports. The fixed behavior is to zero-initialize the report buffer at allocation time. Public advisories (including AstraLinux and AlmaLinux f...
CVE-2020-0093
CVE-2020-0093 is a libexif vulnerability affecting Android 8.x–10, where a missing bounds check in exif_data_save_data_entry can cause an out-of-bounds read, leading to local information disclosure. The issue arises from an insufficient bounds check in exif-data.c; exploit requires user interacti...
CVE-2022-22265
Technical details about CVE-2022-22265 are not publicly provided in the connected documents. The sources mention the vulnerability at a high level; monitor official advisories for patches affecting Samsung NPU drivers.
CVE-2019-9278
CVE-2019-9278 affects libexif. The vulnerability is an out-of-bounds write caused by an integer overflow in libexif, leading to remote escalation of privilege in the media content provider. Exploitation requires user interaction. Affected versions include Android-10 (and related platforms in the ...
CVE-2023-21264
CVE-2023-21264 affects the Linux kernel (ARM64 KVM) where a memory access check in mem_protect.c can permit access to hypervisor memory due to the check being in the wrong place. The result is local elevation of privilege to System execution level, with exploitation not requiring user interaction...
CVE-2019-2219
CVE-2019-2219 affects the Android Framework, specifically when linked to NotificationManagerService and related files. The described issue is a local elevation of privilege due to a permission bypass that could allow recording audio from the background without user notification, requiring User ex...
CVE-2020-0452
CVE-2020-0452 affects libexif; the issue is an out-of-bounds write caused by an integer overflow in exif-entry.c, potentially enabling remote code execution when processing remote image data. Multiple connected advisories (CentOS RHSA-2020:5402, ALSA-2020:5393 for AlmaLinux, Amazon Linux ALAS2-20...
CVE-2021-0512
CVE-2021-0512 is a Linux kernel/Android-hid input issue: out-of-bounds write caused by a heap buffer overflow in __hidinput_change_resolution_multipliers of hid-input.c, enabling local privilege escalation with no user interaction. Affected: Android kernel HID input path; exploitation described a...
CVE-2023-20938
CVE-2023-20938 affects the Android kernel via binder_transaction_buffer_release in binder.c, causing a use-after-free due to improper input validation. This can enable local privilege escalation with no extra execution privileges required and without user interaction; the advisory consistently no...
CVE-2020-0465
CVE-2020-0465 refers to the Android kernel HID multitouch vulnerability. In hid-multitouch.c, there is an out-of-bounds write due to a missing bounds check, which could enable local privilege escalation with no additional privileges and no user interaction required. The description confirms affec...
CVE-2017-13156
CVE-2017-13156 is an Android UART-style APK signature bypass (Janus) that allows an attacker to inject or modify an APK without breaking its V1 signature, enabling installation updates with attacker-controlled code. The vulnerability affects Android 5.1.1 through 8.0 (ART), enabling elevation of ...
CVE-2020-0034
CVE-2020-0034 describes an out-of-bounds read in libvpx’s vp8_decode_frame (decodeframe.c) due to improper input validation that could leak information remotely if error correction is enabled. The vulnerability is exploitable remotely with no user interaction and could lead to information disclos...
CVE-2023-21400
CVE-2023-21400 affects the Linux kernel io_uring subsystem, specifically in multiple functions within io_uring.c where improper locking on rings with IOPOLL can cause kernel memory corruption. This memory corruption could enable local privilege escalation to kernel System execution privileges wit...
CVE-2021-0605
CVE-2021-0605 is a kernel vulnerability disclosed in the Android/Linux kernel: in pfkey_dump of af_key.c, there is a missing bounds check causing a local out-of-bounds read that can disclose kernel information. Exploitation requires local privileges; no user interaction is needed. Connected advis...
CVE-2024-32896
The CVE-2024-32896 issue is a local Elevation of Privilege (EoP) in the Android Framework affecting Pixel devices, caused by a logic error that could enable privilege escalation with no extra execution privileges. Exploitation requires user interaction per the description, with the Android bullet...
CVE-2024-40673
CVE-2024-40673 affects Google Android (System component via ZipFile.java) with improper input validation of dynamic code loading, enabling remote code execution without privileges or user interaction. Public details confirm the issue and reference Android security bulletin guidance indicating pat...
CVE-2023-20951
CVE-2023-20951 is an Android RCE issue caused by an out-of-bounds write in gatt_process_prep_write_rsp (gatt_cl.cc). The vulnerability affects Android 11–13 and can enable remote code execution with no privileges and no user interaction, per multiple sources. The Android Security Bulletin (March ...
CVE-2024-40676
CVE-2024-40676 affects Google Android. The issue lies in checkKeyIntent of AccountManagerService.java, which can bypass the intent security check and allow installing an unknown app due to a confused deputy. This enables local elevation of privilege without requiring execution privileges or user ...
CVE-2019-2107
CVE-2019-2107 affects the Android media framework. The issue is an out-of-bounds write in ihevcd_parse_pps (ihevcd_parse_headers.c) that can lead to remote code execution with no additional privileges, requiring user interaction to exploit. Affected Android versions include 7.0 through 9. Public ...