8153 matches found
CVE-2024-32893
The CVE-2024-32893 issue affects the Exynos DVFS code path (exynos_dvfs.c) specifically in _s5e9865_mif_set_rate. The flaw is an out-of-bounds read caused by improper casting, leading to local information disclosure without requiring user interaction. Multiple connected sources (including RH/Red ...
CVE-2024-53837
CVE-2024-53837 describes a vulnerability in the Android LWIS component (lwis_periodic_io.c) where an integer overflow can trigger an out-of-bounds write during prepare_response. This leads to local elevation of privilege with no user interaction. The issue is documented across multiple feeds (NVD...
CVE-2025-22412
CVE-2025-22412 is a use-after-free in multiple functions of sdp_server.cc that enables remote code execution with no privileges and no user interaction. Public sources (NVD/NIST entry) describe the flaw as a logic error freeing memory, leading to remote code execution on affected Android platform...
CVE-2026-0097
Technical details about CVE-2026-0097 are not publicly available in the provided documents. Monitor for updates from sources such as the Android bulletin and NVD.
CVE-2012-4221
CVE-2012-4221 involves an integer overflow in the Qualcomm Innovation Center (QuIC) Diagnostics (DIAG) kernel-mode driver for Android 2.3–4.2, specifically in diagchar_core.c. An attacker could exploit crafted arguments via a local diagchar_ioctl call to achieve arbitrary code execution or cause ...
CVE-2014-9892
The CVE-2014-9892 issue affects the Linux kernel (up to 4.7) in the snd_compr_tstamp path used by Android on Nexus 5/7 devices. Root cause: snd_compr_tstamp does not initialize a timestamp data structure, enabling a crafted app to obtain sensitive information. Impact: information disclosure possi...
CVE-2015-5567
CVE-2015-5567 describes a stack memory corruption vulnerability in Adobe Flash Player and Adobe AIR that could allow remote code execution or a denial of service. Affected software and versions (as stated): Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows/OS X; Flash on Linux ...
CVE-2015-6602
CVE-2015-6602 concerns libutils in Android up to version 5.1.1 LMY48M. A crafted metadata payload in MP3/MP4 files can trigger memory corruption and remote code execution via the mediaserver pathway (through libstagefright). The issue is categorized as a Remote Code Execution vulnerability and is...
CVE-2015-6676
CVE-2015-6676 is a buffer overflow vulnerability in Adobe Flash Player and related AIR components. Affected: Flash Player on Windows/macOS prior to 18.0.0.241 and 19.x prior to 19.0.0.185, Linux prior to 11.2.202.521; AIR before 19.0.0.190 and AIR SDK/Compiler before 19.0.0.190. Description notes...
CVE-2017-0412
CVE-2017-0412 is an elevation-of-privilege vulnerability in Android Framework APIs that could let a local malicious app execute code with a privileged process. Affected: Android 7.0 and 7.1.1. Root cause involves Framework APIs enabling privilege escalation; Android patch levels 2017-02-01 / 2017...
CVE-2019-2013
CVE-2019-2013 affects Android rw_t3t_act_handle_sro_rsp in rw_t3t.cc, causing a possible out-of-bounds write due to a missing bounds check. This could enable local elevation of privilege with no additional execution privileges needed, and requires user interaction to exploit. Affected Android ver...
CVE-2020-0048
CVE-2020-0048 affects Android 10 Media Framework (IAudioFlinger.cpp). The root cause is an information leak due to uninitialized data in onTransact, enabling local information disclosure without extra privileges or user interaction. The risk is described as a local information disclosure vulnerab...
CVE-2020-13841
CVE-2020-13841 affects LG mobile devices running Android 9–10 on MTK chipsets. A vulnerable AT command handler allows attackers to bypass intended access restrictions, with a high-severity impact per NVD (CVSS v3.1: 9.8). The available documents describe the issue and affected platform but do not...
CVE-2021-0563
CVE-2021-0563 affects Android 11, due to an out-of-bounds read caused by a heap buffer overflow in ih264e_fmt_conv_422i_to_420sp within ih264e_fmt_conv.c. This could enable local information disclosure without user interaction or additional privileges. Connected sources confirm the vulnerable com...
CVE-2021-0654
Summary: CVE-2021-0654 affects Android Pixel launcher (CVE entry tied to Android kernel/TaskThumbnailView.java) with information disclosure from locked profiles due to a missing permission check in isRealSnapshot. Exploitation requires user interaction; local information disclosure is possible wi...
CVE-2021-25356
CVE-2021-25356 pertains to Samsung’s Managed Provisioning. An improper caller check prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permissions, and subsequently delete multiple installed apps. The issue’s root cause is an i...
CVE-2021-39739
CVE-2021-39739 affects Android 12L and is a vulnerability in the ArrayMap component where SMS contents could be leaked via log information disclosure. The root cause is information disclosure in ArrayMap that enables a local information leak with neither user interaction nor remote access require...
CVE-2021-39766
CVE-2021-39766 affects Android 12L in Settings, enabling a side-channel information disclosure to determine whether an app is installed with local access and no user interaction. Root cause: disclosure of installation status via a side channel. Impact: local information disclosure with no privile...
CVE-2021-39778
CVE-2021-39778 affects Android 12L Telecomm, where improper input validation can reveal whether an app is installed, leading to local information disclosure without privileges. Affected component: Telecomm in Android Framework; root cause: input validation flaw exposing install-state. Impact: inf...
CVE-2022-20002
CVE-2022-20002 affects Android 12L in incfs, where a missing permission check enables mounting on arbitrary paths. This can lead to local privilege escalation to SYSTEM with no user interaction required. The vulnerability is described with CVSSv3.1/2.0 metrics (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...
CVE-2022-20062
In CVE-2022-20062, the issue is a memory corruption via a use-after-free in the mdp component. The root cause is use-after-free leading to local escalation of privileges with System execution privileges required. No user interaction is needed for exploitation. Patch ID: ALPS05836418 (Issue ID: AL...
CVE-2022-20077
The CVE-2022-20077 entry concerns a race-condition-based memory corruption in vow that could enable local privilege escalation to SYSTEM, with no user interaction required. Affected context and root cause are described consistently across multiple sources (e.g., Red Hat, NVD, CVE lists, PRION/CVE...
CVE-2022-20089
The CVE-2022-20089 issue concerns the MediaTek aee driver where a memory corruption vulnerability is triggered by active debug code. The flaw could enable local privilege escalation to SYSTEM with no user interaction required. Affected component: aee driver; root cause: memory corruption from deb...
CVE-2022-20199
Summary: CVE-2022-20199 concerns an information disclosure in Android 13’s NfcService.java due to a confused deputy, enabling local information disclosure without extra privileges. The vulnerability is documented across multiple sources, all describing the same issue, with no exploitation details...
CVE-2022-20397
CVE-2022-20397 affects the Android kernel component SitRilSe.cpp (SitRilClient_OnResponse). The issue is an out-of-bounds write caused by a missing bounds check, enabling local elevation of privilege without user interaction. The CVSSv3.1 metrics indicate LOCAL exploitability, LOW privileges requ...
CVE-2022-20513
CVE-2022-20513 affects Android-13 (Pixel) with a vulnerability in CryptoPlugin.cpp: decrypt_1_2 allows an out-of-bounds read, leading to local information disclosure. Exploitation requires local access; no user interaction is needed. Affected product context is Pixel/Android-13; mitigation guidan...
CVE-2022-20549
CVE-2022-20549 affects Android 13 (Pixel). Root cause: out-of-bounds write in authToken2AidlVec within KeyMintUtils.cpp caused by an incorrect bounds check. Impact: local escalation of privilege with System execution privileges required; no user interaction needed. Exploitation details and fixes ...
CVE-2022-20574
CVE-2022-20574 involves the Android kernel’s DRM firmware path, specifically the function sec_sysmmu_info in drm_fw.c. The issue is an out-of-bounds read caused by improper input validation, enabling local information disclosure without additional privileges and without user interaction. Document...
CVE-2022-20591
CVE-2022-20591 affects the Android kernel component ppmpu_set in ppmpu.c. The vulnerability is a logic error that can cause information disclosure locally without requiring additional execution privileges, and it does not require user interaction. Several connected sources consistently describe a...
CVE-2022-20592
CVE-2022-20592 describes a vulnerability in the Android kernel’s DRM firmware, specifically in the function ppmp_validate_secbuf of drm_fw.c. The flaw stems from improper input validation, allowing local information disclosure without requiring additional execution privileges or user interaction....
CVE-2022-20597
CVE-2022-20597 describes a local Elevation of Privilege in the Android kernel: in ppmpu_set of ppmpu.c, an integer overflow can lead to a local escalation of privilege with no extra execution privileges and no user interaction required. Public sources in NVD/Red Hat entries corroborate the Androi...
CVE-2022-21753
CVE-2022-21753 affects a WLAN driver where a missing bounds check can cause an out-of-bounds write, enabling local escalation to SYSTEM privileges with no user interaction. This is described across sources (NVD/Red Hat/CVE list) as a local-privilege-escalation issue in the WLAN driver, with the p...
CVE-2022-27568
CVE-2022-27568 describes a heap-based buffer overflow in the parser_iloc function of the libsimba library. The vulnerability allows a remote attacker to achieve code execution and arises in versions prior to Samsung SMR Apr-2022 Release 1. The issue is documented across multiple sources (NVD, Red...
CVE-2022-27833
CVE-2022-27833 concerns Samsung SMR DSP driver vulnerability: improper input validation enables out-of-bounds write via integer overflow in the DSP driver prior to SMR Apr-2022 Release 1. CVSS metrics indicate LOCAL attack with low privileges and high impact on confidentiality, integrity, and ava...
CVE-2023-20798
CVE-2023-20798 concerns a buffer size miscalculation in the MediaTek pda module leading to an out-of-bounds read. The issue can cause local information disclosure with system-level privileges and does not require user interaction. Affected component: pda in MediaTek microprogram software (as docu...
CVE-2023-20984
CVE-2023-20984 affects Android 13 via ParseBqrLinkQualityEvt in btif_bqr.cc, where a missing bounds check enables an out-of-bounds read that could cause local information disclosure with system privileges. The vulnerability is described across multiple sources (NVD, Red Hat, OSV, PRION, CNNVD/CVE...
CVE-2023-20991
CVE-2023-20991 corresponds to a buffer/bounds issue in the Pixel ble_scanner_hci_interface.cc function btm_ble_process_periodic_adv_sync_lost_evt. The vulnerability is an out-of-bounds read that could enable local information disclosure with System privileges and requires no user interaction. Evi...
CVE-2023-21004
Affected product: Android 13 devices; component: Transcode Permission Controllers (getAvailabilityStatus). Root cause: missing permission check enabling a permission bypass. Impact: local escalation of privilege with no extra execution privileges required, no user interaction needed. Exploitation...
CVE-2023-21025
CVE-2023-21025 affects Android 13, specifically the function ufdt_local_fixup_prop in ufdt_overlay.c. The vulnerability is an out-of-bounds read due to an incorrect bounds check, allowing local information disclosure with system execution privileges. Exploitation is described as local (no user in...
CVE-2023-21030
The CVE-2023-21030 entry describes a memory corruption vulnerability due to a double free in keystore_cli_v2.cpp, enabling local privilege escalation in Android 13 with no user interaction required. Affected software in the connected data includes Google Pixel security advisories and Pixel bullet...
CVE-2023-21050
CVE-2023-21050 describes a vulnerability in the Android kernel: in load_png_image of ExynosHWCHelper.cpp there is a possible out-of-bounds write due to improper input validation. This can lead to local escalation of privilege with System execution privileges required; no user interaction is neede...
CVE-2023-21183
The CVE-2023-21183 entry affects Android 13, describing a logic error in ForegroundUtils/ForegroundUtils.java that enables reading NFC tag data while an app is in the background. This could lead to local privilege escalation without additional execution privileges and without required user intera...
CVE-2023-32809
CVE-2023-32809 : Affects the Bluetooth driver in MediaTek devices. The issue is improper access control of the register interface, enabling possible read/write access to registers. This can lead to local leakage of sensitive information with system-level privileges required for exploitation, and ...
CVE-2023-35645
CVE-2023-35645 is listed in Google's Pixel update bulletin under the Edgetpu component with a memory-corruption trigger caused by a race condition, yielding local privilege escalation (System level) without user interaction. The Pixel bulletin indicates this issue is addressed by updating to the ...
CVE-2023-35649
The CVE-2023-35649 issue concerns Exynos modem firmware: multiple functions in Exynos modem files allow an out-of-bounds write due to a missing bounds check. This could enable remote code execution with system-level privileges and does not require user interaction. The description and connected r...
CVE-2023-35652
CVE-2023-35652 describes an out-of-bounds read in ProtocolEmergencyCallListIndAdapter::Init (protocolcalladapter.cpp) caused by a missing bounds check. The issue could enable remote information disclosure and may require exploitation at the baseband firmware level, with no user interaction needed...
CVE-2023-35653
CVE-2023-35653 affects Google Pixel devices in the ImsService component. The issue is an information-disclosure via a permissions bypass that could allow access to location information; exploitation is feasible with local access and requires System-level privileges with no user interaction. The P...
CVE-2024-20050
CVE-2024-20050 affects the flashc component in MediaTek-related platforms, with an uncaught exception leading to local information disclosure. Exploitation requires system execution privileges (local attack) and does not require user interaction. Patch ALPS08541757 (Issue ALPS08541757) is associa...
CVE-2024-29742
The CVE-2024-29742 issue is a local information-disclosure vulnerability in the Linux kernel component dvfs.c, specifically in apply_minlock_constraint, caused by a missing bounds check that enables an out-of-bounds read. Exploitation requires local access with no user interaction and could allow...
CVE-2024-29754
CVE-2024-29754 affects Google Pixel/Android components via TMU_IPC_GET_TABLE. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure without requiring user interaction. Exploitation details are not provided in the sources; no explicit impacted...