8153 matches found
CVE-2022-27575
CVE-2022-27575 affects One UI Home prior to Samsung SMR April-2022 Release 1. The issue is described as an information disclosure vulnerability that allows an attacker to access information about the currently launched foreground application without permission. Concrete details in connected sourc...
CVE-2022-27829
CVE-2022-27829 is described across multiple connected sources as an improper validation vulnerability in Samsung SMR’s VerifyCredentialResponse prior to SMR Apr-2022 Release 1. The issue enables attackers to launch certain activities, with affected entities typically within the device’s local tru...
CVE-2022-42518
CVE-2022-42518 affects the Android kernel (rild_exynos) via an out-of-bounds write in BroadcastSmsConfigsRequestData::encode (smsdata.cpp) caused by a missing bounds check. This can enable local escalation of privilege with System execution privileges; no user interaction is required. Public deta...
CVE-2022-42525
CVE-2022-42525 affects Android’s ril_service_1_6.cpp in the Android kernel stack, where an incorrect bounds check can cause an out-of-bounds write. The documented impact is local escalation of privilege with System execution privileges required, and exploitation is listed as requiring no user int...
CVE-2022-48458
In TeleService , CVE-2022-48458 describes a vulnerability where improper input validation can crash the system, leading to local denial of service with no additional privileges required. Affected component: TeleService (local exploitability). CVSS v3.1 base score is 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C...
CVE-2023-21059
CVE-2023-21059 affects the Android kernel: in EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a missing bounds check causing an out-of-bounds read. This can enable remote information disclosure without privileges and without user interaction. Affected component: Andro...
CVE-2023-21154
CVE-2023-21154 : Affects the Android kernel, specifically the StoreAdbSerialNumber path in protocolmiscbuilder.cpp, where a missing bounds check can cause an out-of-bounds read. This is described as enabling local information disclosure with System-level privileges needed; exploitation reportedly...
CVE-2023-52533
The CVE-2023-52533 entry concerns the modem-ps-nas-ngmm component, where incorrect error handling may cause undefined behavior. This could enable remote information disclosure without additional privileges. Public sources (NVD/Red Hat/CVE records) state the impact as information disclosure with n...
CVE-2024-20001
The CVE-2024-20001 issue affects TVAPI and is caused by a missing bounds check leading to an out-of-bounds write, enabling local escalation of privilege with System privileges required; no user interaction is needed. Multiple connected sources (NVD, Red Hat, CVE lists) confirm the same descriptio...
CVE-2024-29749
CVE-2024-29749 affects the tmu_set_tr_thresholds function in tmu.c, with a missing bounds check causing a possible out-of-bounds write. This can lead to local elevation of privilege without extra execution privileges and without user interaction. Public sources repeatedly describe the issue in th...
CVE-2024-29783
The CVE-2024-29783 issue is described across multiple sources as a vulnerability in tmu_get_tr_thresholds where a missing bounds check may cause an out-of-bounds read, leading to local information disclosure with no required user interaction. Exploitation details are not provided in the connected...
CVE-2024-32901
CVE-2024-32901 affects the v4l2_smfc_qbuf function in smfc-v4l2-ioctls.c, where a missing bounds check can cause an out-of-bounds write. This enables local privilege escalation with no extra privileges or user interaction required. Pixel/Android bulletins indicate patches in the June 2024 update;...
CVE-2024-32904
CVE-2024-32904 concerns the ProtocolVsimOperationAdapter() function in protocolvsimadapter.cpp, where a missing bounds check can cause an out-of-bounds read. This may lead to local information disclosure with the requirement of baseband firmware compromise for exploitation, and no user interactio...
CVE-2024-47022
CVE-2024-47022 affects Google Pixel devices running Android prior to the 2024-10-05 patch level, with the ACPM component (A-331255656) identified as the vulnerable element. The Red Hat and CNVD entries corroborate the same information disclosure issue, described as an information leak stemming fr...
CVE-2025-0078
CVE-2025-0078 describes a logic error in the Android main.cpp main function that may bypass SELinux, enabling local elevation of privilege with no extra privileges or user interaction required. The vulnerability is categorized as EoP with a high impact, and current sources indicate the issue affe...
CVE-2015-3107
CVE-2015-3107 is a Use-After-Free vulnerability in Adobe Flash Player (and related AIR components) that can lead to arbitrary code execution via unspecified vectors. Affected products include Flash Player on Windows, macOS, and Linux, with versions before 13.0.0.292 and earlier 18.x before 18.0.0...
CVE-2018-9564
CVE-2018-9564 affects Android via an out-of-bounds read in llcp_util_parse_link_params (llcp_util.cc), caused by a missing bounds check. This can lead to local information disclosure without executing user-supplied code. Affected Android versions include 7.0–9 (Android-7.0, 7.1.1, 7.1.2, 8.0, 8.1...
CVE-2020-0371
CVE-2020-0371 is an Android vulnerability described as an out-of-bounds read due to a missing bounds check, affecting Android components on the Android SoC with Android ID A-163008256. The public records list this CVE across multiple sources (NVD, Red Hat, PRION, CVE List, OSV) with consistent wo...
CVE-2021-0524
CVE-2021-0524 affects Android 12, related to CarPackageManagerService.java isServiceDistractionOptimized. The issue is a side-channel information disclosure that could allow a local disclosure of installed packages without additional execution privileges. Impact is local information disclosure wi...
CVE-2021-39748
CVE-2021-39748 affects Android 12L in the Framework through InputMethodEditor. The issue arises from an unsafe PendingIntent that can allow access to files accessible to Settings, causing local information disclosure without extra privileges and without user interaction. The ENISA/Android release...
CVE-2021-39757
CVE-2021-39757 affects Android 12L with a permission bypass in the PermissionController caused by unsafe PendingIntent, enabling local information disclosure. Exploitation requires low privileges and no user interaction, with potential access to sensitive data on the device as described in multip...
CVE-2021-39788
CVE-2021-39788 affects Android 12L TelecomManager. The issue enables a side-channel information disclosure that allows checking whether a specific self-managed phone account is registered on the device, leading to local information disclosure without additional privileges and without user interac...
CVE-2022-20030
CVE-2022-20030 affects the vow driver; vulnerability is an out-of-bounds write caused by a stack-based buffer overflow. This can allow local escalation of privileges to System with no user interaction required. The advisory notes a patch identified as ALPS05837793 (Issue ALPS05837793) for remedia...
CVE-2022-20046
The CVE-2022-20046 entry describes a Bluetooth memory corruption due to a logic error that could cause local denial of service without user interaction. The vulnerability is associated with a patch identified as ALPS06142410 (Issue ALPS06142410). Public exploitation details, affected product name...
CVE-2022-20049
CVE-2022-20049 affects the vpu component and describes a missing permission check that can enable local privilege escalation with System execution privileges required. Exploitation does not require user interaction. A patch is referenced (ALPS05954679; ALPS05954679). Connected sources confirm thi...
CVE-2022-20070
CVE-2022-20070 affects the ssmr component, with a reported out-of-bounds write caused by a missing bounds check. This can lead to local escalation of privileges, requiring SYSTEM privileges, and does not require user interaction. The issue is associated with patch ID ALPS06362920 (Issue ALPS06362...
CVE-2022-20074
CVE-2022-20074 concerns a boundary-check omission in the preloader (partition) of MediaTek devices, causing an out-of-bounds write that can enable local privilege escalation with physical access and user interaction required for exploitation. Affected component: preloader partition code on MediaT...
CVE-2022-20160
CVE-2022-20160 is documented as a critical remote code execution (RCE) vulnerability in Google Pixel devices, specifically affecting the Modem component. Public records classify it as a Modem-related issue (RCE, Critical) in the Pixel bulletin, with the Android patch level 2022-06-05 or later add...
CVE-2022-20178
CVE-2022-20178 affects Android kernel components where ioctl_dpm_qos_update and ioctl_event_control_set can trigger an out-of-bounds write caused by an integer overflow. This can lead to local privilege escalation with system execution privileges required, and exploitation does not require user i...
CVE-2022-20372
CVE-2022-20372 affects the Android kernel, specifically the Exynos5 I2C IRQ code. The issue is a possible out-of-bounds write caused by a use-after-free, leading to local elevation of privilege with System execution privileges required. No user interaction is needed. The provided documents do not...
CVE-2022-20382
CVE-2022-20382 affects the Android kernel (kernel components). The description cites a possible out-of-bounds write due to a kernel stack overflow, enabling local escalation of privilege with System privileges required and no user interaction needed. Several connected sources (NVD, Red Hat, SUSE,...
CVE-2022-20511
CVE-2022-20511 affects Android 13 where a missing permission check in DevicePolicyManagerService.getNearbyAppStreamingPolicy could enable local information disclosure without additional privileges. The issue: local access suffices (no user interaction required) and the vulnerability is tied to in...
CVE-2022-20545
CVE-2022-20545 affects Android 13 on Google Pixel devices. The issue resides in the MediaControlPanel.java function bindArtworkAndColors, where improper input validation can crash the phone, causing a remote denial of service with no additional execution privileges required. Exploitation does not...
CVE-2022-20556
The provided documents confirm CVE-2022-20556 affects Android 13, where a missing permission check in launchConfigNewNetworkFragment of NetworkProviderSettings.java allows a guest user to add a new WiFi network. This enables local elevation of privilege with no extra execution privileges required...
CVE-2022-20609
CVE-2022-20609 involves a local information-disclosure vulnerability in Pixel cellular firmware due to a missing bounds check that allows an out-of-bounds read. Exploitation requires local access; no user interaction is needed. The issue is described for the Pixel/Android kernel domain, but the p...
CVE-2022-22270
CVE-2022-22270 is an implicit Intent hijacking vulnerability in Samsung Dialer prior to SMR Jan-2022 Release 1 that allows unprivileged apps to access contact information. Affected: Samsung Dialer on Samsung Android devices; root cause is improper handling of implicit intents in the Dialer. Impac...
CVE-2022-24928
CVE-2022-24928 describes a security misconfiguration in Samsung’s RKP (kernel protection) mechanism prior to the SMR Mar-2022 Release 1. The root cause is a misconfiguration that leaves the system not protected by RKP. As a result, confidentiality, integrity, and availability can be affected on a...
CVE-2022-25815
The CVE-2022-25815 entry corresponds to a PendingIntent hijacking vulnerability in the Samsung Weather application. Connected sources confirm a local privilege/unauthorized action risk via hijacking PendingIntent in Weather prior to SMR Mar-2022 Release 1. Impacts are described as enabling local ...
CVE-2022-25816
CVE-2022-25816 affects Samsung Lock and Mask apps setting prior to the SMR Mar-2022 Release 1, where improper authentication allows an attacker to change enable/disable without authentication. The initial entry documents this vulnerability and notes Samsung and Red Hat/other vendor advisories ali...
CVE-2022-42504
CVE-2022-42504 affects the Android kernel component CallDialReqData::encodeCallNumber (callreqdata.cpp). It describes an out-of-bounds write caused by an incorrect bounds check, enabling local escalation of privilege with System execution privileges required. Exploitation is not dependent on user...
CVE-2022-42506
CVE-2022-42506 affects Android kernel components. The issue is in SimUpdatePbEntry::encode (simdata.cpp) where a missing bounds check can cause an out-of-bounds write, enabling local escalation of privilege with System execution privileges needed. Exploitation is described as local and requires n...
CVE-2022-42512
CVE-2022-42512 affects the Android kernel component in VsimOperationDataExt::encode (vsimdata.cpp). The issue is an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with System privileges; no user interaction needed. Connected sources confirm the vulnerab...
CVE-2022-42544
CVE-2022-42544 concerns a local-privilege-escalation issue in Android 13 stemming from getView() in AddAppNetworksFragment.java. The vulnerability arises from improper input validation that can mislead users about network add requests, with exploitation possible without extra privileges or user i...
CVE-2023-21020
The CVE-2023-21020 vulnerability affects Android 13 (Pixel devices) and is described as a use-after-free in registerSignalHandlers of main.c that can lead to local arbitrary code execution with SYSTEM privileges, requiring no user interaction. The issue enables local escalation of privileges via ...
CVE-2023-21056
CVE-2023-21056 affects the Android kernel LWIS subsystem, specifically the lwis_slc_buffer_free function in lwis_device_slc.c. The vulnerability is a memory corruption rooted in type confusion, enabling local escalation of privilege with System execution privileges required. Exploitation is local...
CVE-2023-21060
CVE-2023-21060 affects the Android kernel, specifically in sms_GetTpPiIe within sms_PduCodec.c. The issue is an out-of-bounds read caused by a missing bounds check, enabling potential remote information disclosure with no extra execution privileges and no user interaction. Documented impact is in...
CVE-2023-21163
CVE-2023-21163 : A use-after-free in the PowerVR GPU driver PMR_ReadBytes (pmr.c) can enable arbitrary code execution and local kernel privilege escalation without user interaction. Exploitation details are not provided in the documents; no patch/version details are disclosed here. Affected: Powe...
CVE-2023-21356
CVE-2023-21356 relates to Bluetooth on Android devices, where a missing bounds check can cause an out-of-bounds write in the Bluetooth stack. The underlying root cause is this unchecked memory access, enabling possible remote code execution from an adjacent attacker without user interaction and w...
CVE-2023-35692
CVE-2023-35692 affects Google Pixel devices, tied to GeoLocation.java (getLocationCache). The root cause is improper input validation that could allow sending a mock location during an emergency call. Impact is local privilege escalation without extra execution privileges, with no user interactio...
CVE-2023-48352
CVE-2023-48352 is described as a local denial-of-service in phasecheckserver due to an out-of-bounds write from a missing bounds check. Connected sources tie this to UNISOC Android components (Android/Unisoc stack) and reiterate the same description across Red Hat/NVD entries. The documents do no...