8153 matches found
CVE-2024-32926
Technical details (affected products/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.
CVE-2024-47032
The vulnerability CVE-2024-47032 affects the lwis_ioctl.c component, specifically the function construct_transaction_from_cmd. The issue is a heap-based out-of-bounds write that can lead to local elevation of privilege without user interaction. Exploitation details (vectors, affected products/ver...
CVE-2025-0081
CVE-2025-0081 concerns Android where the vulnerability is in dng_lossless_decoder::HuffDecode within dng_lossless_jpeg.cpp. The issue stems from uninitialized data in Huffman decoding, which can crash the process and cause remote denial of service without extra privileges and without user interac...
CVE-2014-9870
The CVE-2014-9870 entry concerns the Linux kernel prior to 3.11 on ARM, including Android devices (Nexus 5/7) before 2016-08-05. It exposes a privilege-escalation path via improper handling of user-space access to the TPIDRURW register, enabling local attackers to gain privileges with a crafted a...
CVE-2015-3832
CVE-2015-3832: Affects Android devices with vulnerable libstagefright code (MPEG4Extractor.cpp) prior to 5.1.1 LMY48I. Multiple buffer overflows allow remote attackers to execute arbitrary code via invalid NAL unit size values in MP4 data; the vulnerability is tied to the MP4/Stagefright processi...
CVE-2015-6682
CVE-2015-6682 is a use-after-free in Adobe Flash Player (and related AIR components) that enables remote code execution via specially crafted SWF handling. Affected products include Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and macOS, and before 11.2.202.521 on Linux; A...
CVE-2017-0750
CVE-2017-0750 is an elevation-of-privilege vulnerability reported for the Android kernel, tied to the upstream Linux file system. Multiple connected advisories describe an issue in the kernel’s Flash-Friendly File System (f2fs) and related kernel components that could allow a local attacker to ga...
CVE-2018-9463
The vulnerability CVE-2018-9463 affects the touchscreen path in the Android kernel: In sw49408_irq_runtime_engine_debug (touch_sw49408.c), there is an out-of-bounds write caused by an incorrect bounds check. This can enable local privilege escalation with System execution privileges required and ...
CVE-2018-9497
CVE-2018-9497 affects Android’s media framework. Affected component: the IMPEG-2 decoder, specifically in impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 within impeg2_format_conv.s, where a missing bounds check can cause an out-of-bounds write. This could lead to remote code execution with no additio...
CVE-2019-2014
CVE-2019-2014 is a local elevation-of-privilege vulnerability in Android’s rw_t3t_handle_get_sc_poll_rsp path (rw_t3t.cc), caused by a missing bounds check that can enable an out-of-bounds write. Affected products include Android 7.0–9, with exploitation requiring user interaction. The issue is c...
CVE-2020-28343
CVE-2020-28343 concerns Samsung Exynos NPU kernel driver vulnerabilities disclosed by Project Zero. The issue centers on unsanitized input in the NPU session parsing for /dev/vertex10, leading to two concrete primitives: (1) a heap overflow via a race on shared ION buffer memory_vector_cnt, allow...
CVE-2021-0869
CVE-2021-0869 affects Android kernel components, specifically DumpstateDevice.cpp GetTimeStampAndPkt. The issue is an out-of-bounds write caused by an incorrect bounds check, which the Pixel 2021-09-01 bulletin categorizes as a Remote Code Execution (RCE) vulnerability with High risk. Exploitatio...
CVE-2021-26689
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2022-20039
CVE-2022-20039 affects MediaTek’s ccu driver. The issue is memory corruption caused by an integer overflow in the ccu component, enabling local escalation of privilege with System execution privileges required. User interaction is not needed. Patch ID ALPS06183345 (Issue ALPS06183345) provides mi...
CVE-2022-20052
The CVE-2022-20052 entry concerns the mdp component, where a use-after-free leads to memory corruption. This could enable local escalation of privilege with System execution privileges required, and exploitation reportedly needs user interaction. A patch/workaround is listed as ALPS05836642 (Issu...
CVE-2022-20076
CVE-2022-20076 affects the ged component, with root cause described as memory corruption due to incorrect error handling. The impact is local information disclosure and potential system-level execution privileges, with exploitation not requiring user interaction. A patch is identified (ALPS058388...
CVE-2022-20087
The CVE-2022-20087 issue concerns MediaTek ccu (camera control processor) where a missing bounds check allows an out-of-bounds write, enabling local privilege escalation with System execution privileges required. No user interaction is needed for exploitation. Documented impact is confined to loc...
CVE-2022-20097
CVE-2022-20097 affects the aee daemon and describes a race-condition causing local information disclosure with no extra privileges required. Exploitation requires no user interaction. The vulnerability is associated with a patch ALPS06383944 (Issue ALPS06383944). Connected sources confirm the iss...
CVE-2022-20100
CVE-2022-20100 affects the aee daemon and stems from a missing permission check, enabling local information disclosure with potential System privileges. Exploitation does not require user interaction. Multiple sources (NVD, Red Hat, CVE lists) describe the issue and reference patch ALPS06383944 /...
CVE-2022-20104
CVE-2022-20104 affects the aee daemon with an information-disclosure vulnerability caused by improper access control. The issue allows local disclosure without extra execution privileges and does not require user interaction. Patch ALPS06419017 (Issue ALPS06284104) is noted; no other remediation ...
CVE-2022-20507
The CVE-2022-20507 issue affects Android 13 in the UWB stack, specifically UwbEventManager.java’s onMulticastListUpdateNotificationReceived. The root cause is a missing bounds check that can enable arbitrary code execution, enabling local privilege escalation with no user interaction required. CV...
CVE-2022-20540
CVE-2022-20540 is a local-use-after-free vulnerability in Android’s SurfaceFlinger::doDump. Exploitation could permit arbitrary code execution and local escalation of privilege without user interaction. Affected: Android 13, via SurfaceFlinger component. The issue is documented across multiple fe...
CVE-2022-20542
The CVE-2022-20542 issue affects Android 13 where the function parseParamsBlob in types.cpp may perform an out-of-bounds write due to a missing bounds check. This can enable local elevation of privilege with no user interaction required (CVSS 7.8, HIGH). The vulnerability is documented in multipl...
CVE-2022-20548
CVE-2022-20548 affects Android-13 where EqualizerEffect.cpp:setParameter can trigger an out-of-bounds write due to improper input validation. This is described as a local elevation of privilege with no extra execution privileges required and no user interaction needed. Public documentation refere...
CVE-2022-20593
CVE-2022-20593 affects the Android kernel, involving an out-of-bounds read in the function pop_descriptor_string of BufferDescriptor.h due to a missing bounds check. This condition could allow local information disclosure and requires only local privileges (no user interaction needed). The vulner...
CVE-2022-20604
CVE-2022-20604 affects the Android kernel function SAECOMM_SetDcnIdForPlmn in SAECOMM_DbManagement.c. A missing bounds check causes an out-of-bounds read, enabling possible information disclosure on a single device. The CVSSv3.1 vector indicates a local, low-privilege impact with no user interact...
CVE-2022-20606
The CVE-2022-20606 entry concerns SAEMM_MiningCodecTableWithMsgIE in SAEMM_RadioMessageCodec.c, where a missing bounds check can cause an out-of-bounds read. This could enable remote information disclosure with system privileges required. User interaction is not required. Connected sources confir...
CVE-2022-22263
The CVE-2022-22263 issue affects Samsung SecSettings: an unprotected dynamic receiver in SecSettings allows untrusted apps to launch arbitrary activities due to a privilege misconfiguration. This is tied to the Samsung SMR Jan-2022 Release 1 update and has been referenced in multiple sources (inc...
CVE-2022-27572
The cited CVE-2022-27572 is a heap-based buffer overflow in the parser_ipma function of the libsimba library. It enables remote code execution and is tied to the Samsung SMR patch cycle (prior to SMR Apr-2022 Release 1). The vulnerability has multiple corroborating records (NVD, Red Hat CVE page,...
CVE-2022-27832
The CVE-2022-27832 entry concerns the media.extractor library, where an improper boundary check can be exploited to cause a denial of service via a crafted media file. Affected component: media.extractor library; root cause: boundary check flaw; impact: denial of service (local attacker, low expl...
CVE-2022-42511
CVE-2022-42511 affects EmbmsSessionData::encode in embmsdata.cpp. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required. User interaction is not needed. The available documents consistently describe ...
CVE-2022-42514
CVE-2022-42514 affects Android kernel code: ProtocolImsBuilder::BuildSetConfig in protocolimsbuilder.cpp is vulnerable to an out-of-bounds read due to a missing bounds check. This could allow local information disclosure with System-level privileges required. The vulnerability is documented acros...
CVE-2022-42521
CVE-2022-42521 affects the Android kernel component wlandata.cpp where the encode path can trigger an out-of-bounds write due to improper input validation. The exploitation requires local access (LOCAL) with high privileges (PR:H) and no user interaction. Impact is defined as full compromise of c...
CVE-2022-42523
CVE-2022-42523 affects Android’s ril_service_1_6.cpp in the kernel’s RIL stack, with an out-of-bounds write caused by an incorrect bounds check in fillSetupDataCallInfo_V1_6. The vulnerability enables local escalation of privilege with System execution privileges required; exploitation reportedly...
CVE-2022-42533
CVE-2022-42533 affects Android kernel via an out-of-bounds write in SharedMetadata.cpp during shared_metadata_init, caused by an integer overflow. Impact is local privilege escalation with no user interaction required. Documented across multiple feeds (NVD, Red Hat, OSV) and listed in Pixel bulle...
CVE-2023-20974
CVE-2023-20974 affects Android 13. The issue is in the function btm_ble_add_resolving_list_entry_complete in btm_ble_privacy.cc , where a missing bounds check can cause an out-of-bounds read. This may lead to local information disclosure and could enable system-level execution privileges, with no...
CVE-2023-20987
CVE-2023-20987: A vulnerability in btm_read_link_quality_complete within btm_acl.cc of Android 13 can cause an out-of-bounds read, leading to local information disclosure over Bluetooth when the attacker has System privileges. The issue requires no user interaction and has an adjacent attack vect...
CVE-2023-21053
CVE-2023-21053 concerns the Android kernel component related to cellular SMS handling. In the function sms_ExtractCbLanguage within sms_CellBroadcast.c, there is an out-of-bounds read caused by a missing bounds check. This leads to a potential information disclosure without requiring execution pr...
CVE-2023-21070
The CVE-2023-21070 issue affects the Android kernel, specifically the bcm4389 driver path in the wl_roam.c file’s add_roam_cache_list function. It describes a potential out-of-bounds write caused by a missing bounds check, which could enable local escalation of privilege with System-level executi...
CVE-2023-21071
The CVE-2023-21071 entry affects the Android kernel, specifically the dhd_prot_ioctcmplt_process function in dhd_msgbuf.c. The issue is an out-of-bounds write caused by improper input validation, enabling local escalation of privilege with System execution privileges required. User interaction is...
CVE-2023-21072
CVE-2023-21072 : The vulnerability affects the Android kernel in the function dhd_rtt.c::rtt_unpack_xtlv_cbfn, where a buffer overflow can cause an out-of-bounds write. This could enable local escalation of privilege to System level. Documents consistently describe the issue as a local exploit pa...
CVE-2023-21077
CVE-2023-21077 affects the Android kernel in the rtt_unpack_xtlv_cbfn function within dhd_rtt.c, where a buffer overflow can cause an out-of-bounds write. This vulnerability could enable local escalation of privileges with SYSTEM-level execution privileges, and exploitation is possible without us...
CVE-2023-21155
The CVE-2023-21155 issue concerns the Android kernel component BuildSetRadioNode in protocolmiscbuilder.cpp, where a missing null check enables an out-of-bounds read that could cause local information disclosure with no extra privileges or user interaction. Several connected sources confirm the r...
CVE-2023-21157
CVE-2023-21157 involves a heap buffer overflow in the Android kernel component wlandata.cpp, causing an out-of-bounds write that can lead to local privilege escalation with system-level privileges. The issue is triggered without user interaction. Affected software is Android kernel (wlandata.cpp)...
CVE-2023-21213
CVE-2023-21213 affects Android-13 (sta_iface.cpp, initiateTdlsTeardownInternal): a missing bounds check leads to an out-of-bounds read in the wifi server, enabling local information disclosure with System privileges and no user interaction required. Multiple connected sources reiter the same root...
CVE-2023-21389
CVE-2023-21389 concerns a bypass of profile owner restrictions in Android Settings due to a missing permission check, enabling local elevation of privilege without extra execution privileges and without user interaction. Multiple connected sources describe this as an Android elevation-of-privileg...
CVE-2023-48397
CVE-2023-48397: Out-of-bounds read in Init of protocolcalladapter.cpp allows information disclosure with potential for System-level impact. The issue requires no user interaction. Documented in multiple sources (NVD entry and Android Pixel bulletin) with Pixel subcomponent exynos-ril and a CVSS v...
CVE-2024-20081
CVE-2024-20081 affects the gnss service. The issue is an out-of-bounds write caused by improper input validation, leading to local escalation of privilege with system execution privileges required. Exploitation is reported to require no user interaction. A fix is available as patch ID ALPS0871960...
CVE-2024-29751
CVE-2024-29751 describes a possible out-of-bounds read in the function asn1_ec_pkey_parse_p384 (asn1_common.c) caused by a missing null check, enabling local information disclosure with no extra privileges or user interaction. Multiple sources tie this to OpenSSL (PT-2024-22991) and list it under...
CVE-2024-29784
CVE-2024-29784 affects lwis_periodic_io.c (LWIS). The vulnerability is an out-of-bounds write caused by an integer overflow in prepare_response, enabling local escalation of privilege without additional privileges or user interaction. Multiple connected sources (RH CVE, NVD/NVD entries, Android P...