8153 matches found
CVE-2020-0052
CVE-2020-0052 affects Android 10 where In smsSelected of AnswerFragment.java an elevation-of-privilege vulnerability exists due to a permissions bypass that allows sending an SMS from the lock screen. The issue enables local privilege escalation with no extra execution privileges required; exploi...
CVE-2017-0428
CVE-2017-0428 describes an elevation-of-privilege in the NVIDIA GPU driver that could allow a local malicious application to execute arbitrary code in kernel context on Android devices with Kernel-3.10. The Android entry notes an Android ID (A-32401526) and flags the issue as critical due to pote...
CVE-2018-15835
CVE-2018-15835 concerns Android OS battery information broadcasts. The connected materials indicate the issue arises from insecure permissions around system broadcast data, allowing apps to access high‑precision battery information without special permissions. Android versions 1.0 through 9.0 are...
CVE-2020-0430
CVE-2020-0430 affects the Linux kernel skb_headlen in /include/linux/skbuff.h, causing a possible out-of-bounds read due to memory corruption and enabling local privilege escalation without user interaction. Affected product context in provided docs is Android kernel/Unity Linux kernel. Exploitat...
CVE-2021-0547
CVE-2021-0547 concerns a local elevation-of-privilege vulnerability in Android 11. In NetInitiatedActivity.java onReceive, an attacker-controlled value can be supplied to a GPS HAL handler due to a missing permission check, enabling local privilege escalation with undefined behavior in some HAL i...
CVE-2021-0583
CVE-2021-0583 affects Android (9/10) and relates to the BluetoothPairingDialog onCreate, enabling a tapjacking/overlay scenario that could lead to local elevation of privilege. According to Red Hat and NVD entries, exploitation requires user interaction (UI: Required) and local access, with a hig...
CVE-2021-0936
CVE-2021-0936 affects the Android kernel (acc_read in f_accessory.c) where a use-after-free can cause memory corruption leading to local privilege escalation without user interaction. The issue is described across multiple sources (NVD/NASL/CNVD etc.) as a memory corruption vulnerability in the A...
CVE-2021-39682
CVE-2021-39682 affects the Android kernel component memory_group_manager.c (function mgm_alloc_page). A bounds check is incorrect, enabling a potential out-of-bounds write that could lead to local privilege escalation without extra execution privileges or user interaction. Exploitation details ar...
CVE-2021-39738
CVE-2021-39738 concerns Google Android CarSetings: a missing permission check allows pairing a Bluetooth device without user consent, enabling local elevation of privilege without extra execution privileges. Affected: CarSetings on Android 10, 11, 12, and 12L. Exploitation is described as local w...
CVE-2021-39754
Technical details about CVE-2021-39754 are not publicly disclosed in the provided connected documents. Monitor for updates.
CVE-2021-39755
CVE-2021-39755 is a framework issue in Android 12L related to DevicePolicyManager that allows local information disclosure: an attacker could reveal the existence of an installed package without proper query permissions, with no user interaction. The Android 12L security release notes attribute t...
CVE-2021-39761
CVE-2021-39761 affects Android 12L Media Framework. The issue enables local information disclosure by determining whether an app is installed via a side-channel, without query permissions, with no user interaction required. Impacted component: Media Framework on Android-12L; CVSS data indicates a...
CVE-2021-39763
CVE-2021-39763 affects Android 12L; a vulnerability in Settings due to improper input validation could allow a local attacker to escalate privileges by causing the device to enable Wi‑Fi without user interaction. Exploitation details are not provided beyond the description in the CVE entry. The A...
CVE-2021-39810
CVE-2021-39810 affects Android’s NFC/payment stack (CardEmulationManager.verifyDefaults). The root cause is a missing permission check that can allow a third-party app to be set as the default contactless payment app without user consent. This could enable local elevation of privilege, with explo...
CVE-2022-20064
CVE-2022-20064 affects MediaTek’s ccci subsystem, where an incorrect bounds check can leak a kernel pointer. This enables local information disclosure with System execution privileges required, and exploitation does not require user interaction. Technical details across multiple sources confirm t...
CVE-2022-20085
CVE-2022-20085 affects MediaTek netdiag components. The issue is improper link resolution leading to symbolic link following, enabling local privilege escalation with System privileges required; no user interaction is needed. Patch ID ALPS06308877 (Issue ALPS06308877) is noted as remediation. Pub...
CVE-2022-20095
The CVE-2022-20095 issue affects MediaTek’s imgsensor, where a missing bounds check allows an out-of-bounds write in the sensor driver. The vulnerability can lead to local privilege escalation with system execution rights and does not require user interaction. A patch is identified (ALPS06479763)...
CVE-2022-20096
The CVE-2022-20096 entry concerns MediaTek devices’ camera component (affecting multiple chips such as MT6765/6768/6769/8183/8185/8385/8666/8667/8768/8786/8788/8789).根 The root cause is uninitialized data in the camera path, enabling local information disclosure. Reported impact: potential local ...
CVE-2022-20198
CVE-2022-20198 affects Android 12L, with a flaw in the NFC stack: in llcp_dlc_proc_connect_pdu (llcp_dlc.cc) there is an out-of-bounds read due to a missing bounds check. This can lead to local information disclosure and requires system privileges; no user interaction is needed. Connected sources...
CVE-2022-20503
CVE-2022-20503 targets the WifiDppConfiguratorActivity.java on Android 13. In onCreate, a missing permission check allows a guest user to add a WiFi configuration, enabling local elevation of privilege with no additional execution privileges and without user interaction. The CVSSv3.1 metrics show...
CVE-2022-20506
The CVE-2022-20506 entry applies to Android 13, where in WifiDialogActivity.java the onCreate path lacks a required permission check. This permits local privilege escalation from a guest user with no additional execution privileges, and exploitation requires no user interaction. Public details co...
CVE-2022-20544
CVE-2022-20544 affects Android 13; a missing permission check in onOptionsItemSelected of ManageApplications.java could bypass profile owner restrictions, enabling local elevation of privilege without additional execution privileges or user interaction. The issue is documented across multiple sou...
CVE-2022-20557
CVE-2022-20557 affects Android 13 Pixel devices. The issue is in MessageQueueBase.h (MessageQueueBase) where a missing bounds check allows an out-of-bounds read, potentially enabling local escalation of privilege with SYSTEM privileges and no user interaction. Public references note a Pixel updat...
CVE-2022-20558
CVE-2022-20558 affects Android 13. The vulnerability resides in DeviceCapabilityListener.java (registerReceivers) and can bypass permissions to change the preferred TTY mode, enabling local privilege escalation with no extra execution privileges and no user interaction. The issue is documented in...
CVE-2022-20564
CVE-2022-20564 affects the Android kernel’s ufdt code path. The issue is an out-of-bounds write in _ufdt_output_strtab_to_fdt (ufdt_convert.c) caused by an incorrect bounds check, enabling possible local escalation of privilege with SYSTEM privileges required. User interaction is not needed for e...
CVE-2022-20596
CVE-2022-20596 : The vulnerability is in the Android kernel’s WirelessCharger.cpp, in the sendChunk function, where a missing bounds check leads to an out-of-bounds write. This can cause local privilege escalation with System execution privileges required. Exploitation does not require user inter...
CVE-2022-20599
CVE-2022-20599 affects Google Pixel firmware/kernel components. The vulnerability is described as an exposure of sensitive memory due to a missing bounds check in Pixel firmware, which can lead to local elevation of privilege with System execution privileges required. The impact is indicated as h...
CVE-2022-20600
CVE-2022-20600 affects the Android kernel LWIS component. The issue is described as a memory corruption out-of-bounds write that could enable local privilege escalation to SYSTEM with no user interaction required. The available documents consistently note this as a local attack surface on Android...
CVE-2022-23999
CVE-2022-23999 describes a PendingIntent hijacking vulnerability in Android’s CpaReceiver prior to Samsung SMR Feb-2022 Release 1, enabling local attackers to access media files via KnoxPrivacyNoticeReceiver through an implicit Intent. Affected component is the CpaReceiver/KnoxPrivacyNoticeReceiv...
CVE-2022-24001
CVE-2022-24001 describes an information-disclosure flaw in the Android Edge Panel feature, prior to Android S(12). The vulnerability allows a physical attacker to access screenshots stored in the clipboard via Edge Panel. Documents consistently refer to the Edge Panel since the CVE description; n...
CVE-2022-24925
CVE-2022-24925 concerns an improper input validation vulnerability in Android’s SettingsProvider prior to Android S (12). The issue can be triggered by privileged attackers to cause a permanent denial of service on a victim’s device. The available connected sources consistently identify the affec...
CVE-2022-28786
The CVE-2022-28786 entry concerns the aviextractor library where an improper buffer size check allows an out-of-bounds read, potentially causing a temporary denial of service. The vulnerability is stated as fixed by a patch that adds buffer size checking logic, with remediation delivered through ...
CVE-2022-42532
CVE-2022-42532 affects Google/Pixel firmware and the Android kernel: an out-of-bounds read due to a missing bounds check could allow local information disclosure with system execution privileges, requiring no user interaction. The issue is documented across multiple sources (Pixel firmware discus...
CVE-2023-21015
CVE-2023-21015 affects Android 13, involving the GetAvailabilityStatus path of several Transcode Permission Controllers. The root cause is a missing permission check that could permit a local escalation of privilege with no extra execution privileges or user interaction required. The vulnerabilit...
CVE-2023-21017
CVE-2023-21017 affects Android 13 Pixel builds; the issue is in InstallStart.java where improper input validation can allow changing the installer package name. This vulnerability enables local privilege escalation with user-execution privileges and requires no user interaction. The CVSSv3.1 base...
CVE-2023-21031
CVE-2023-21031 describes a vulnerability in the Android graphics stack: in the function setPowerMode of HWC2.cpp there is a possible out-of-bounds read caused by a race condition. The issue could enable local information disclosure without requiring privileges or user interaction. Affected: Andro...
CVE-2023-21034
CVE-2023-21034 affects Android 13 devices, with the vulnerability located in multiple SensorService.cpp functions where a permissions bypass may allow access to accurate sensor data, causing local privilege escalation. The issue is described as needing low privileges and no user interaction, with...
CVE-2023-21156
CVE-2023-21156 describes an out-of-bounds read in Android’s modem stack, specifically in BuildGetRadioNode within protocolmiscbulider.cpp, caused by improper input validation. The issue could allow local information disclosure from the modem and requires System execution privileges; exploitation ...
CVE-2023-21180
This CVE (CVE-2023-21180) affects Android 13. The issue is a heap buffer overflow in xmlParseTryOrFinish within parser.c, causing an out-of-bounds read. This can lead to remote information disclosure without exploit privileges and without user interaction. The publicly described mitigation refere...
CVE-2023-21182
CVE-2023-21182 affects Android 13 exploiting an out-of-bounds read in Exynos_parsing_user_data_registered_itu_t_t35 within VendorVideoAPI.cpp due to a missing bounds check. This could enable local information disclosure with System privileges; no user interaction required. Public docs here confir...
CVE-2023-21201
CVE-2023-21201 involves the Android Bluetooth SDP server: in on_create_record_event of btif_sdp_server.cc there is an out-of-bounds read due to a missing null check. This can lead to a remote denial of service without extra privileges and without user interaction. The issue is tied to Android-13 ...
CVE-2023-21212
CVE-2023-21212 affects Android 13, specifically the wifi server component. The root cause is a missing bounds check leading to an out-of-bounds read, enabling local information disclosure. Exploitation status is not described in the provided documents, and there is no explicit remediation detail ...
CVE-2023-21219
CVE-2023-21219 affects the Android kernel (Pixel/Android devices) where an insecure default enables unencrypted transport over cellular networks, potentially allowing remote information disclosure without extra privileges. Exploitation is described as network-based with no user interaction, and t...
CVE-2023-35660
Summary: CVE-2023-35660 describes a use-after-free in lwis_transaction_client_cleanup (lwis_transaction.c) that can corrupt memory and enable local privilege escalation with SYSTEM privileges; exploitation does not require user interaction. The vulnerability is reported across multiple feeds (NVD...
CVE-2023-48404
CVE-2023-48404 affects Google Pixel Exynos RIL components, caused by a missing bounds check in ProtocolMiscCarrierConfigSimInfoIndAdapter (protocolmiscadapter.cpp). This leads to an out-of-bounds read and potential information disclosure without extra privileges or user interaction. Public refere...
CVE-2023-48422
CVE-2023-48422 affects Google Pixel/Android components via a missing bounds check in Init of protocolnetadapter.cpp, causing an out-of-bounds read and potential local information disclosure without user interaction. The exploit requires local access and there is no public exploitation detail in t...
CVE-2024-20042
CVE-2024-20042 affects MediaTek devices (da module) with an out-of-bounds write caused by a missing bounds check. This can lead to local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. Affected details in the connected docs in...
CVE-2024-20059
CVE-2024-20059 involves a local privilege escalation in the MediaTek stack due to an incorrect status check in the da module. The flaw can allow a non-privileged or high-privileged user to gain SYSTEM execution privileges without user interaction. Exploitation details are not provided in the conn...
CVE-2024-29756
CVE-2024-29756 describes an out-of-bounds write in the afe_callback function of q6afe.c due to a buffer overflow, enabling local escalation of privilege with no user interaction required. The connected sources consistently reiterate this condition; however, no concrete remediation version is spec...
CVE-2024-32911
CVE-2024-32911 affects Google Pixel devices, specifically the Modem component. The issue stems from improper use of crypto, enabling remote elevation of privilege with no user interaction. The Pixel Update Bulletin lists this CVE under the Pixel firmware/Modem category and indicates that patch le...