8153 matches found
CVE-2022-20520
CVE-2022-20520 affects Android 13 devices and describes a tapjacking/overlay vulnerability in the onCreate path of various files, enabling local privilege escalation and potential denial of service with user privileges and no user interaction required. The issue is documented across multiple feed...
CVE-2022-27822
CVE-2022-27822 describes an information-disclosure vulnerability in Samsung SMR (system patch package). Prior to SMR Apr-2022 Release 1, the ril property setting could expose EF_RUIMID without permission. Documented across multiple feeds (NVD entries and security notices) with affected product sc...
CVE-2022-42519
CVE-2022-42519 affects the Android kernel component, specifically In CdmaBroadcastSmsConfigsRequestData::encode in cdmasmsdata.cpp. The root cause is a stack clash that can lead to memory corruption, enabling local escalation of privilege with SYSTEM privileges required; exploitation requires no ...
CVE-2023-20924
CVE-2023-20924 describes a biometric authentication bypass in the Android kernel that could enable local escalation of privilege with physical access and no user interaction. The Pixel bulletin ties this issue to the Pixel 6a fingerprint scanner and marks it as Elevation of Privilege (EoP) with H...
CVE-2023-20980
CVE-2023-20980 affects Android 13 Bluetooth stack (btu_ble_ll_conn_param_upd_evt in btu_hcif.cc). The issue is an out-of-bounds read due to a missing bounds check, leading to local information disclosure with System execution privileges required; no user interaction is needed. Public documentatio...
CVE-2023-21041
CVE-2023-21041 affects the Android kernel, specifically the function sequence in param_util.c ’s append_to_params . The description states an out-of-bounds write caused by an incorrect bounds check, potentially enabling local privilege escalation with no additional execution privileges and no use...
CVE-2023-21063
CVE-2023-21063 affects Android kernel components (ParseWithAuthType in simdata.cpp) and is described as an out-of-bounds read that can enable local privilege escalation with SYSTEM-level privileges required. Multiple connected sources confirm the issue and its Android/Pixel context, including Pix...
CVE-2023-21064
CVE-2023-21064 affects Android kernel components (DoSetPinControl in miscservice.cpp) with a possible out-of-bounds read caused by a missing bounds check. The vulnerability could enable a local elevation of privilege to System-level execution without user interaction. Affected context includes An...
CVE-2023-21175
CVE-2023-21175 affects Android 13 and the DataUsageSummary.java component. In onCreate, a permissions bypass could let a guest user enable/disable mobile data, enabling local privilege escalation with no extra execution privileges and no user interaction needed. Exploitation details are not elabo...
CVE-2023-35646
CVE-2023-35646 is documented in multiple sources as a stack buffer overflow in TBD components with missing bounds checks, enabling remote code execution without user interaction. In the Pixel security bulletin, this issue is mapped to the Shannon baseband on Google Pixel devices, classified as RC...
CVE-2023-48401
CVE-2023-48401 affects the protocoladapter.cpp function GetSizeOfEenlRecords, causing an out-of-bounds read and potential local information disclosure with no user interaction. The available documents consistently describe the root cause as a bounds-check error and do not provide explicit exploit...
CVE-2024-32892
CVE-2024-32892 involves a memory corruption vulnerability in the Goodix driver path, specifically in handle_init of goodix/main/main.c, caused by type confusion. The issue can enable local privilege escalation without user interaction. Public details in the connected sources confirm the affected ...
CVE-2024-32897
CVE-2024-32897 involves an out-of-bounds read in ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() within protocolsmsadapter.cpp. The issue arises from a missing bounds check, enabling a possible information disclosure; exploitability is network-based with no user interaction and could lead to baseb...
CVE-2024-32902
CVE-2024-32902 affects Google Pixel devices, tied to the modem component, and is described as a DoS leading to remote denial of cellular service via malformed packets. The issue is categorized as high severity with network attack vector and low complexity. Pixel security bulletin indicates a patc...
CVE-2024-32906
CVE-2024-32906 affects Google Pixel/Android components: In the AcvpOnMessage function of avcp.cpp, uninitialized data may cause an Elevation of Privilege (EoP). This could enable local privilege escalation with no extra execution privileges and no user interaction required. The available connecte...
CVE-2024-32912
Summary: CVE-2024-32912 describes a persistent Denial of Service caused by test/debugging code left in a production build, enabling local DoS without extra privileges or user interaction. Affected context (from connected docs): Multiple sources reference a local-DoS issue on Google Pixel/Android ...
CVE-2015-3108
CVE-2015-3108 describes a memory disclosure vulnerability in Adobe Flash Player and related AIR components that bypasses ASLR by not properly restricting discovery of memory addresses. Affected products include Flash Player on Windows, macOS, and Linux (versions listed in the entry), and Adobe AI...
CVE-2016-5340
CVE-2016-5340 is tied to a vulnerability in the KGSL Linux Graphics Module exposed by a QuIC Android patch for Linux kernel 3.x. The issue arises from the function is_ashmem_file in drivers/staging/android/ashmem.c, where pointer validation is mishandled. This design flaw can allow an attacker to...
CVE-2020-0050
CVE-2020-0050 is an Android System issue affecting Android 10 where in nfa_hciu_send_msg (nfa_hci_utils.cc) an out-of-bounds write can occur due to improper input validation. This could enable local elevation of privilege in the NFC server with system-level execution privileges; exploitation does...
CVE-2020-0445
CVE-2020-0445 is an Android vulnerability described as an out-of-bounds write caused by a missing bounds check. Connected sources indicate this affects the Android video encoder (MediaTek components) and is rated high to critical, with a network attack vector and no user interaction required per ...
CVE-2020-0454
Summary: CVE-2020-0454 affects Android 9 (Android-9) via the ConnectivityService.java callCallbackForRequest, enabling a local attacker with LOW privileges to bypass a permission check and disclose the current SSID without user interaction. Exploitation is localized to the device; no remote acces...
CVE-2020-13842
Technical details (affected product/versions/root cause/patch) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2021-0874
CVE-2021-0874 concerns the PowerVR GPU driver component PVRSRVBridgeDevicememHistorySparseChange, where a missing size check can trigger an integer overflow that allows out-of-bounds heap access. The impact stated across sources is local escalation of privileges with no additional execution privi...
CVE-2021-1004
CVE-2021-1004 affects Android 12, via a missing permission check in getConfiguredNetworks() of WifiServiceImpl.java that can allow an app to determine whether another app is installed without query permissions. This is a local privilege escalation (no user interaction required) per the descriptio...
CVE-2021-39740
CVE-2021-39740 affects the Android 12L messaging path. The issue arises from improper input validation in messaging, allowing an attacker to bypass attachment restrictions and cause local information disclosure without requiring user interaction or privileges. The vulnerability is categorized und...
CVE-2021-39760
CVE-2021-39760 is described as a side-channel information disclosure in Android’s AudioService that can reveal whether an app is installed without query permissions. The impact is local information leakage with no extra execution privileges; user interaction is not required. Related connected doc...
CVE-2021-39783
CVE-2021-39783 is an Elevation of Privilege vulnerability in Android’s rcsservice on Android 12L. The issue arises from a missing permission check, enabling local privilege escalation with no additional execution privileges or user interaction required. Affected component: rcsservice; impact is l...
CVE-2022-20035
CVE-2022-20035 involves the vcu driver and an information-disclosure use-after-free vulnerability that could allow local escalation to System privileges. The issue does not require user interaction. Affected component: vcu driver. Root cause: use-after-free leading to partial confidentiality impa...
CVE-2022-20058
In MT MediaTek devices, CVE-2022-20058 is a boundary-check flaw in the preloader (USB) that can cause an out-of-bounds write. The issue enables local escalation of privilege when an attacker has physical access to the device, with user interaction required for exploitation. Affected products are ...
CVE-2022-20067
CVE-2022-20067 affects mdp with an out-of-bounds write caused by a missing bounds check, enabling local escalation to SYSTEM privileges without user interaction. Exploitation details are not provided in the documents, but multiple sources confirm the issue and reference patch ALPS05836585 (Issue ...
CVE-2022-20072
CVE-2022-20072 affects MediaTek devices via a flaw in the search engine service that allows changing the default search engine due to an incorrect comparison, enabling local privilege escalation to System. Exploitation status is not detailed in the provided documents; user interaction is not requ...
CVE-2022-20078
CVE-2022-20078 affects vow with a memory corruption flaw caused by a race condition, enabling local privilege escalation to System level without user interaction. Exploitation details are not provided in the initial documents; confirmed remediation reference is Patch ID ALPS05852819 / Issue ALPS0...
CVE-2022-20183
CVE-2022-20183 affects the Android kernel, specifically the hypx_create_blob_dmabuf path in faceauth_hypx.c. The issue is a missing bounds check that leads to an out-of-bounds write. This could enable local escalation of privilege with System execution privileges required; no user interaction is ...
CVE-2022-20185
CVE-2022-20185 affects the Android kernel with a use-after-free flaw described as enabling local privilege escalation to SYSTEM (LOCAL exploit, LOW attack complexity, no user interaction). The exact affected Android versions, patch level, and remediation are not provided in the supplied documents...
CVE-2022-20194
CVE-2022-20194 affects Android 12L. The vulnerability arises in the onCreate of ChooseLockGeneric.java, enabling a local elevation of privilege through a permission bypass that does not require user interaction. The impact is limited to elevation of privileges on the device. Remediation per the P...
CVE-2022-20206
CVE-2022-20206 affects Android 12L via NotificationManagerService.setPackageOrComponentEnabled, where a missing permission check enables local information disclosure about enabled notification listeners. The issue requires User privileges but not user interaction to exploit, yielding a HIGH confi...
CVE-2022-20233
CVE-2022-20233 affects the Android kernel Titan-M source. The issue is an out-of-bounds write in param_find_digests_internal and related functions caused by an incorrect bounds check. It enables local escalation of privilege with System execution privileges required; exploitation does not require...
CVE-2022-20376
CVE-2022-20376 affects the Android kernel’s trusty-log.c: Trusty_log_seq_start has use-after-free due to improper locking, enabling local elevation of privileges to SYSTEM. Exploitation details are not provided in the connected documents; no patch/version/fix is specified here. Monitoring Pixel s...
CVE-2022-20380
According to the Pixel security bulletin, CVE-2022-20380 is listed under the Pixel component Modem with type ID (information disclosure) and High severity. The entry is tied to Android devices via a modem-related information-disclosure issue, not clearly specifying kernel-level impact in this bul...
CVE-2022-20508
CVE-2022-20508 affects Android 13. In ConfigureWifiSettings.java (onAttach), a permissions bypass could let a guest user change Wi‑Fi settings, enabling local privilege escalation with no extra execution privileges or user interaction. CVSS v3.1 metrics indicate LOCAL, LOW attack complexity, with...
CVE-2022-20529
CVE-2022-20529 affects Android 13, specifically the WifiDialogActivity.java code, where a logic error can cause a limited lockscreen bypass and local escalation of privilege in wifi settings without user interaction. The CVE severity per the initial data is Low (CVSS v3.1: 2.4). No exploitation d...
CVE-2022-20538
Summary: CVE-2022-20538 affects Android 13 in the getSmsRoleHolder path of RoleService.java. A side-channel information disclosure can let an attacker determine if an app is installed without query permissions, enabling local information disclosure with no extra execution privileges and no user i...
CVE-2022-20539
CVE-2022-20539 affects Android-13; the issue is in parameterToHal of Effect.cpp where a missing bounds check can cause an out-of-bounds write. This may enable local escalation of privilege in the audio server with system execution privileges, and requires no user interaction. Documents consistent...
CVE-2022-20547
The CVE-2022-20547 entry concerns Android 13 where multiple functions in AdapterService.java can manipulate Bluetooth state due to a missing permission check, enabling local privilege escalation with no extra execution privileges and no user interaction required. The available sources (NVD/Red Ha...
CVE-2022-20577
CVE-2022-20577 affects the Android kernel component involved in the OemSimAuthRequest::encode function in wlandata.cpp, where a missing bounds check allows an out‑of‑bounds write. This can lead to local escalation of privilege with System privileges required; exploitation reportedly does not requ...
CVE-2022-20588
CVE-2022-20588 affects the Android kernel in the sysmmu_map function of sysmmu.c. The issue is a precondition check failure that can enable local elevation of privilege, granting System execution privileges. Exploitation details are not provided in the supplied documents; no user interaction is r...
CVE-2022-20589
CVE-2022-20589 affects the Android kernel, specifically a vulnerability in the function valid_va_secbuf_check within drm_access_control.c. The issue arises from improper input validation, enabling local information disclosure and requiring System execution privileges for exploitation, with no use...
CVE-2022-20602
CVE-2022-20602 is mapped to the Android kernel with impact described as Information Disclosure (ID) and a high overall severity (CVSS base 7.5). The vulnerability is associated with the Android kernel in Pixel devices, and is listed under Pixel components in the Android Pixel security bulletin fo...
CVE-2022-25817
Samsung One UI Home (pre–SMR Mar‑2022 Release 1) is affected by CVE-2022-25817 due to improper authentication, allowing an attacker to generate pinned shortcuts without user consent. Remediation: update to SMR Mar‑2022 Release 1 or later.
CVE-2022-25818
CVE-2022-25818 affects the Samsung UWB stack (prior to SMR Mar-2022 Release 1). The issue is an improper boundary check in the UWB implementation that enables arbitrary code execution. Public details across connected records confirm the vulnerability exists in Samsung/UWB, with mitigation via Sam...