8153 matches found
CVE-2017-0760
CVE-2017-0760 is a remote code execution vulnerability in the Android media framework (libstagefright) affecting Android 6.0–6.0.1 and 7.0–7.1.2. The issue is described as a vulnerability in the Media Framework that could allow code execution, with the Android bulletin noting that the most severe...
CVE-2021-0990
CVE-2021-0990 concerns an information-disclosure flaw in Android 12 via getDeviceId in PhoneSubInfoController.java. The issue allows determining whether an app is installed without query permissions, via a side-channel, leading to local information disclosure without extra execution privileges; u...
CVE-2021-1003
The CVE-2021-1003 issue affects Android 12 in AudioService.java (adjustStreamVolume). The root cause is a confused deputy that allows an unprivileged app to change the audio stream volume, enabling local privilege escalation without extra execution privileges, and no user interaction is required ...
CVE-2021-1042
CVE-2021-1042 affects the Android kernel component dsi_panel.c (function dsi_panel_debugfs_read_cmdset). It describes a use-after-free that can disclose freed kernel heap memory, enabling local information disclosure with system privileges (no user interaction required). Connected sources (NVD, R...
CVE-2021-26688
Technical details about CVE-2021-26688 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2021-39642
CVE-2021-39642 affects the Android kernel component, specifically the function synchronous_process_io_entries in lwis_ioctl.c . The issue is a race condition that enables a possible out-of-bounds write, leading to local elevation of privileges with System-level execution rights required. No user ...
CVE-2021-39649
CVE-2021-39649 affects the Android kernel’s regmap.c, specifically regmap_exit, where improper locking can cause a use-after-free. This enables local escalation of privilege with system execution privileges required and no user interaction. Exploitation status is not provided in the sources; reme...
CVE-2021-39776
The Android 12L release notes list CVE-2021-39776 under the System category with Type EoP and High severity, indicating an elevation-of-privilege issue. The notes do not provide explicit technical details, affected subcomponents beyond class, or exploit vectors. Affected product/version is Androi...
CVE-2021-39777
CVE-2021-39777 affects Android 12L Telephony. The issue is a missing permission check that can disclose whether an app is installed, leaking information locally without user interaction and without requiring extra privileges. Documented impact is information disclosure with a LOCAL attack vector ...
CVE-2022-20093
CVE-2022-20093 concerns a vulnerability in telephony on MediaTek chips. The issue is a missing permission check that could allow a local attacker to disable receiving SMS messages, enabling local privilege escalation without extra privileges. Affected products include a broad set of MediaTek MT-s...
CVE-2022-20203
The CVE-2022-20203 entry refers to a memory corruption vulnerability in the nanopb library, arising in multiple locations during decoding of untrusted protobufs. This can lead to local escalation of privilege with no extra privileges or user interaction required. Available connected sources (e.g....
CVE-2022-20552
CVE-2022-20552 affects Android, with the vulnerability in the btif_a2dp_sink_command_ready function of btif_a2dp_sink.cc. The issue is an out-of-bounds read caused by a use-after-free, leading to local information disclosure without extra execution privileges. Exploitation is described as local a...
CVE-2022-21762
CVE-2022-21762 affects the apusys driver, where an integer overflow can trigger a system crash. The vulnerability enables local denial of service with System execution privileges and does not require user interaction. Affected component is the apusys driver; root cause is integer overflow leading...
CVE-2022-26090
Summary of CVE-2022-26090 : The vulnerability affects SamsungContacts prior to SMR Apr-2022 Release 1, caused by an improper access control error that could allow attackers to access contact information without permission. The issue is documented across multiple sources, with remediation advising...
CVE-2022-28781
The CVE-2022-28781 entry describes an improper input validation in Settings prior to Samsung SMR May 2022 Release 1, enabling attackers to launch arbitrary activities with system privileges. Connected sources confirm this CVE pertains to Samsung Mobile/SMR updates and note the patch adds proper c...
CVE-2022-28783
CVE-2022-28783 concerns Galaxy Themes prior to Samsung SMR May-2022 Release 1, where improper validation allowed uninstalling arbitrary packages without permission. The description in multiple sources confirms the root cause as insufficient validation for removing a package name, enabling unautho...
CVE-2022-30709
CVE-2022-30709 describes an improper input validation logic vulnerability in Samsung SECRIL prior to Jun-2022 Release 1 that can cause a crash. Affected component: SECRIL on Samsung mobile devices. Root cause: fault in input validation logic (no details provided beyond the description). Impact as...
CVE-2022-39908
CVE-2022-39908 affects Samsung decoding library used for video thumbnails on Samsung Mobile devices prior to SMR Dec-2022 Release 1. The root cause is a TOCTOU condition enabling a local attacker to perform an Out-Of-Bounds Write. Affected component: Samsung decoding library for video thumbnails;...
CVE-2022-42515
CVE-2022-42515: In MiscService::DoOemSetRtpPktlossThreshold (miscservice.cpp), a missing bounds check enables an out-of-bounds read. Impact: local information disclosure with system privileges; exploitation requires local access and no user interaction. Affected: Android kernel components (rild_e...
CVE-2023-20811
CVE-2023-20811 involves a boundary-check failure in the MediaTek IOMMU, causing an out-of-bounds write that could enable local privilege escalation with system privileges. Affected component: IOMMU sub-system (MediaTek). Root cause: missing bounds check leading to out-of-bounds write. Impact: loc...
CVE-2023-20972
CVE-2023-20972 affects Android 13. The issue is in btm_vendor_specific_evt within btm_devctl.cc, where a missing bounds check enables an out-of-bounds read that could cause local information disclosure. Exploitation is reported as requiring System privileges with LOCAL attack vector and no user i...
CVE-2023-21001
The CVE-2023-21001 issue (Android 13; Pixel devices) is an Elevation of Privilege vulnerability caused by a missing permission check in onContextItemSelected within NetworkProviderSettings.java. It enables local escalation of privilege without additional execution privileges or user interaction, ...
CVE-2023-21042
CVE-2023-21042 corresponds to a memory corruption issue via a use-after-free in lwis_allocator_init (lwis_allocator.c) within the Android kernel’s lwis subsystem. This could enable local privilege escalation to SYSTEM with no user interaction required. The OSV entry PUB-A-239873326 confirms the u...
CVE-2023-21150
CVE-2023-21150 affects the Android kernel, specifically the function handle_set_parameters_ctrl in hal_socket.c. The vulnerability is an out-of-bounds read caused by an incorrect bounds check, leading to potential local information disclosure with System privileges required. No exploitation detai...
CVE-2023-21208
CVE-2023-21208 affects Android 13 devices with the vulnerable STA interface implementation (sta_iface.cpp). The issue is an out-of-bounds read caused by improper input validation in setCountryCodeInternal, leading to local information disclosure with system-level execution privileges possible. Ex...
CVE-2023-21294
CVE-2023-21294 concerns Android’s Slice component, where a missing permission check enables local information disclosure by exposing installed packages. The exploit requires no user interaction and does not require additional privileges. The connected sources reiterate the same description but do...
CVE-2023-21331
The CVE-2023-21331 issue is in Android’s InputMethod component. It enables local information disclosure by determining whether an app is installed without query permissions, via a side-channel. Impact per the provided data: attacker gains access to sensitive information (C=High) with local access...
CVE-2023-21390
CVE-2023-21390 is described across multiple sources as a permission bypass in the Android environment related to a component labeled as Sim, allowing evasion of mobile-preference restrictions and enabling local privilege escalation without requiring extra execution privileges. Exploitation is rep...
CVE-2023-44216
The CVE-2023-44216 entry concerns PVRIC (PowerVR Image Compression) on Imagination 2018+ GPU devices. The vulnerability stems from software-transparent compression that enables cross-origin pixel-stealing attacks against SVG Filter functions like feTurbulence and feBlend (GPU.zip issue). Affected...
CVE-2023-52342
The CVE-2023-52342 entry concerns the modem-ps-nas-ngmm component, where an undefined behavior due to incorrect error handling could allow remote information disclosure without additional execution privileges. Documents confirm the vulnerability impact is a confidentiality exposure (CVE described...
CVE-2024-23658
This CVE (CVE-2024-23658) affects UNISOC chipsets’ camera driver. The issue is a use-after-free caused by a logic error leading to memory reuse after release, with local denial of service and potential SYSTEM-level execution privileges. Documents describe the vulnerability consistently but do not...
CVE-2024-32922
CVE-2024-32922 involves a logic error in the Pixel GPU power management path, specifically in gpu_pm_power_on_top_nolock within pixel_gpu_power.c, which can lead to a protected memory compromise. The vulnerability could enable local escalation of privilege to the TEE with no additional execution ...
CVE-2024-47015
CVE-2024-47015 affects Google Pixel devices via the function ProtocolMiscHwConfigChangeAdapter::GetData() in protocolmiscadapter.cpp. The vulnerability is caused by a missing bounds check, leading to a possible out-of-bounds read and local information disclosure. Impact is stated as requiring bas...
CVE-2024-47018
CVE-2024-47018 affects Google's Pixel platform; the flaw is in pmucal_rae_handle_seq_int within flexpmu_cal_rae.c. The vulnerability is an out-of-bounds read caused by a buffer overflow, enabling local information disclosure without additional execution privileges and without user interaction. Th...
CVE-2024-56186
Summary (CVE-2024-56186): A vulnerability in the Google Pixel/Android stack where in closeChannel of secureelementimpl.cpp an incorrect bounds check can cause an out-of-bounds read, leading to local information disclosure without extra privileges or user interaction. The CVSSv3.1 base score is 5....
CVE-2025-22404
CVE-2025-22404 is a use-after-free vulnerability in Android's avct_lcb_act.cc (avct_lcb_msg_ind) that could allow local privilege escalation without user interaction or extra privileges. Affected component is within the Bluetooth-related code path; exploitation leads to arbitrary code execution l...
CVE-2015-6677
Technical details about CVE-2015-6677 are not provided in the connected documents. The supplied sources do not reveal affected products, vulnerable components, exploit information, or remediation. Monitor for updates and await published technical specifics.
CVE-2016-3862
CVE-2016-3862 affects Android mediaserver’s ExifInterface usage in media/ExifInterface.java, where improper interaction with static variables in libjhead_jni can allow remote attackers to craft a media file to trigger memory corruption or remote code execution. Impact is described as memory corru...
CVE-2018-9475
The CVE-2018-9475 issue affects Android’s Bluetooth stack (HeadsetInterface::ClccResponse in btif_hf.cc), causing an out-of-bounds stack write that could enable remote elevation of privilege via Bluetooth when SIP calls are enabled, with no user interaction required. Exploitation details are not ...
CVE-2019-2086
CVE-2019-2086 affects the Android 10 libxaac library, with an out-of-bounds write due to a missing bounds check. This could enable remote code execution and requires user interaction to exploit. The issue is documented across multiple sources (NVD entry and Red Hat advisory) as a Libxaac/Android-...
CVE-2019-9247
CVE-2019-9247 affects the Android 10 AAC Codec component, stemming from a missing variable initialization that can lead to remote information disclosure. According to NVD metadata, the CVSS v3.1 base score is 6.5 (Medium) with NETWORK attack vector, LOW complexity, no privileges required, but use...
CVE-2019-9421
CVE-2019-9421 affects the Android framework library libandroidfw, with an out-of-bounds read caused by an integer overflow . The issue enables a potential local information disclosure vulnerability and, per the sources, requires some user interaction to exploit. The vulnerability entry lists affe...
CVE-2021-0550
The CVE-2021-0550 issue affects Android 11, involving the AnnotateActivity.java onLoadFailed path. It enables local elevation of privilege (EoP) by gaining WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy, with no user interaction required. The vulnerability is des...
CVE-2021-0556
CVE-2021-0556: Affected component is getBlockSum in fastcodemb.cpp on Android 11. The issue is a heap buffer overflow leading to an out-of-bounds read that could cause local information disclosure. Exploitation details are not provided in the connected sources; user interaction is not required. N...
CVE-2021-0608
The CVE-2021-0608 entry concerns Android’s AppLaunchActivity.handleAppLaunch, with a local elevation-of-privilege via a confused deputy. Affected component: Pixel Launcher on Pixel devices (and related Android kernel/framework context as per mappings). Root cause: improper handling in AppLaunchAc...
CVE-2021-25479
CVE-2021-25479 affects the Exynos CP Chipset. The issue is a heap-based buffer overflow in the chipset before SMR Oct-2021 Release 1, leading to arbitrary memory writes and potential code execution. The primary documented impact is memory corruption with potential device compromise; exploitation ...
CVE-2021-39683
CVE-2021-39683 targets Android kernel code, specifically in copy_from_mbox within sss_ice_util.c, where a missing bounds check can trigger an out-of-bounds write. This leads to local elevation of privilege with System execution privileges required, and does not require user interaction. The issue...
CVE-2021-39744
CVE-2021-39744 affects Android 12L and is described in Android 12L security release notes. The vulnerability arises in the DevicePolicyManager, enabling a side-channel that can determine whether an app is installed without query permissions, leading to local information disclosure without additio...
CVE-2021-39753
The CVE-2021-39753 issue affects Android 12L, involving DomainVerificationService where a missing permission check allows local information disclosure without extra privileges. This is a framework-level information leak (no user interaction required) with a local attack surface. The Android 12L s...
CVE-2021-39784
The CVE-2021-39784 issue is reported for Android 12L and involves the CellBroadcastReceiver. The root cause is a missing permission check, enabling a path to turn on specific cellular features, which can lead to local elevation of privilege without extra execution privileges and without user inte...