8153 matches found
CVE-2021-0342
The CVE-2021-0342 issue affects the Android kernel, where a use-after-free in tun_get_user (tun.c) can cause memory corruption, enabling local privilege escalation with kernel/system privileges; exploitation requires no user interaction. No patch/version details are provided in the connected docu...
CVE-2017-13305
CVE-2017-13305 : A vulnerability described as an information disclosure in the Upstream Linux kernel encrypted-keys, with affected product scope as Android kernels. The Initial CVE text notes Android kernel as the impacted component and Android ID A-70526974, describing a local information disclo...
CVE-2019-2024
CVE-2019-2024 affects the Linux kernel’s em28xx-dvb code (em28xx_unregister_dvb) where a use-after-free can enable local privilege escalation with no user interaction. The connected Nessus entries reference Upstream kernel fixes and Unity/Linux advisories, indicating a patch exists upstream; down...
CVE-2020-0215
CVE-2020-0215 affects Android devices via a leak in ConfirmConnectActivity.java related to a permissions bypass that exposes the Bluetooth MAC address. The vulnerability could enable local elevation of privilege to access pairing information, with user interaction required for exploitation. Affec...
CVE-2023-21114
CVE-2023-21114 affects Android devices with a local elevation of privilege due to a confused deputy in components referenced in the Android WiFi stack and related platform code. Exploitation requires local access and does not need user interaction. Multiple vendors’ advisories (e.g., Android secu...
CVE-2022-20229
CVE-2022-20229 affects Android 10–12 (including 12L). The issue is an out-of-bounds write in bta_hf_client_at.cc (function: bta_hf_client_handle_cind_list_item) caused by a missing bounds check. This can enable remote code execution with Network access and no user interaction. CVSS v3 base score ...
CVE-2019-9345
CVE-2019-9345 affects the Android kernel (sdcardfs) and describes a local elevation of privilege due to shared mapping of OBB files that can breach profile data separation. The vulnerability is classified as Elevation of Privilege (High) in the Kernel component per Pixel update bulletin, with loc...
CVE-2019-9441
CVE-2019-9441 describes an elevation-of-privilege vulnerability in the Android kernel MNH driver. The issue is an out-of-bounds write caused by improper input validation, which could allow a local attacker to gain System-level execution privileges without user interaction. Public documentation in...
CVE-2019-9446
CVE-2019-9446 affects the Android kernel FingerTipS touchscreen driver. The issue is an out-of-bounds write caused by improper input validation, enabling a local escalation of privilege with System execution privileges required. Exploitation does not require user interaction. The connected docume...
CVE-2021-0340
CVE-2021-0340 affects Android 10, with the issue located in IsoInterface.java (parseNextBox). The root cause is improper input validation that can leak unredacted location information, enabling remote information disclosure without additional execution privileges; exploitation requires user inter...
CVE-2021-39713
Technical details about CVE-2021-39713 are not provided in the provided documents; only high-level references (Android kernel and upstream kernel) are present. Monitor for updates.
CVE-2019-9436
CVE-2019-9436 affects the LG Bootloader component in Android (per Pixel Update Bulletin). The issue is described as a secure boot bypass enabling local elevation of privilege (EoP) with SYSTEM privileges, with exploitation described as requiring user interaction. The vulnerability is listed as Ty...
CVE-2017-0540
CVE-2017-0540 describes a remote code execution in the Android Mediaserver’s libhevc component. The underlying issue is a memory corruption vulnerability triggered by specially crafted media files during processing, enabling code execution within the Mediaserver process. Affected Android versions...
CVE-2021-0941
CVE-2021-0941 is a Linux kernel vulnerability reported as an out-of-bounds read in bpf_skb_change_head() within filter.c caused by a use-after-free. It enables local privilege escalation to SYSTEM with no user interaction. Exploitability is LOCAL; impact includes confidentiality, integrity, and a...
CVE-2022-20368
CVE-2022-20368 is confirmed in connected advisories as a slab-out-of-bounds access in packet_recvmsg() within the Linux kernel networking stack. The linked documents (e.g., ALSA-2022 kernel advisories for Linux kernels used in Debian/OpenSUSE/OpenSUSE/Linux distributions) explicitly reference thi...
CVE-2023-20954
CVE-2023-20954 affects Android systems (Android 11, 12, 12L, 13). In SDP_AddAttribute() within sdp_db.cc, an out-of-bounds write is caused by an incorrect bounds check, enabling potential remote code execution with no privileges and no user interaction required. The vulnerability is triggered via...
CVE-2020-0099
CVE-2020-0099 affects Android 8.0–10 and involves the WindowManagerService.addWindow, with an insecure default value enabling a possible window overlay attack (tapjacking) leading to local privilege escalation. Exploitation requires user interaction in the documented reports, and the issue is cat...
CVE-2020-0439
CVE-2020-0439 affects Android 8.0–11 and is caused by an incorrect permission check in PackageManagerService.generatePackageInfo, leading to a local elevation of privilege where instant apps could access permissions not allowed for instant apps without extra execution privileges. The vulnerabilit...
CVE-2016-5696
Technical details about CVE-2016-5696 are not publicly provided in the supplied connected documents; monitor for updates.
CVE-2019-2126
CVE-2019-2126: In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer, which could enable remote code execution with no extra privileges. Reported across libvpx usage in Android packages: Android-7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. User...
CVE-2019-2194
CVE-2019-2194 affects Android 9, specifically SurfaceFlinger::createLayer in SurfaceFlinger.cpp. The issue is an improper cast that can enable arbitrary code execution and local escalation of privileges without user interaction. Affected component is the Android graphics stack (SurfaceFlinger). T...
CVE-2017-13166
CVE-2017-13166 describes an elevation of privilege in the kernel v4l2 video driver, affecting the Android kernel. The underlying issue enables a local attacker with minimal privileges to escalate to higher privileges by exploiting the v4l2 component, as reflected in vulnerabilities tracked across...
CVE-2019-9248
The CVE-2019-9248 entry concerns the Android kernel FingerTipS touchscreen driver, where a missing bounds check enables a local out-of-bounds write that can escalate privileges to System with no user interaction. Affected component: FingerTipS touchscreen driver in the Android kernel. Root cause:...
CVE-2020-0227
CVE-2020-0227 affects Android (Android-8.0 to Android-10) via a flaw in onCommand of CompanionDeviceManagerService.java where a missing permission check allows local elevation of privilege. Exploitation could enable background data usage or launching from the background without extra execution pr...
CVE-2017-13215
CVE-2017-13215 describes an elevation-of-privilege in the Upstream Linux kernel skcipher_recvmsg path. The vulnerability, tied to the skcipherRecvMsg function, enables local privilege escalation when exploited via the Android kernel (Android kernel reference). Exploitation status is not detailed ...
CVE-2019-9452
CVE-2019-9452 affects the Android kernel, specifically the SEC_TS touch driver. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure with System execution privileges required. Exploitation does not require user interaction. The provided conn...
CVE-2019-9270
Technical details for CVE-2019-9270 are not publicly provided in the supplied Connected documents. The initial description contains only a high‑level summary. Monitor for updates from vendors/security advisories; no additional exploit, affected products, or remediation details are provided here.
CVE-2022-20433
CVE-2022-20433 is reported with a missing authorization check in a system service, leading to Local Elevation of Privilege on affected Android components. Connected sources link this CVE to UNISOC Telephony (A-242221901) and Android SoC contexts, describing the root cause as a missing permission ...
CVE-2017-0720
The CVE-2017-0720 entry concerns Android's media framework libhevc, where a remote code execution vulnerability affects Android versions 5.0.2, 5.1.1, 6.0/6.0.1, and 7.0/7.1.1/7.1.2. The issue is triggered by processing a specially crafted file, with impact described as remote execution of arbitr...
CVE-2020-0067
In CVE-2020-0067, the Linux kernel’s F2FS implementation (f2fs_xattr_generic_list in xattr.c) is vulnerable to an out-of-bounds read caused by a missing bounds check. This could enable local information disclosure and requires System privileges, with no user interaction needed for exploitation. T...
CVE-2022-20419
CVE-2022-20419 (Android 12L–13) arises from a logic error in ActivityRecord.java setOptions that can load arbitrary Java code into the launcher process, enabling local escalation of privilege without extra execution privileges. Affected Products/Versions: Android-12L and Android-13 per the publis...
CVE-2021-0341
CVE-2021-0341 affects the OkHostnameVerifier.verifyHostName path in Android (OkHostnameVerifier.java). It describes a possible acceptance of a certificate for the wrong domain due to improper crypto usage, leading to remote information disclosure without extra privileges. Affected Android version...
CVE-2021-39665
CVE-2021-39665 affects Android 12 with a vulnerability in checkSpsUpdated (AAVCAssembler.cpp) that can trigger a heap-based out-of-bounds read, enabling remote information disclosure. Exploitation requires user interaction (per the description); no explicit patch/version is provided in the connec...
CVE-2023-40088
CVE-2023-40088 is a memory corruption via a use-after-free in Android’s Bluetooth stack (callback_thread_event in com_android_bluetooth_btservice_AdapterService.cpp). The issue could allow remote code execution with no privileges and no user interaction, limited to proximal/nearby Bluetooth range...
CVE-2017-0783
CVE-2017-0783 is described in connected documents as the Bluetooth Pineapple vulnerability affecting the Android Bluetooth stack. The flaw allows an attacker to create a malicious network interface on a victim device, reconfigure IP routing, and force all communications to pass through the attack...
CVE-2022-20127
CVE-2022-20127: Out-of-bounds write due to a double free in ce_t4t_data_cback (ce_t4t.cc) can lead to remote code execution with no user interaction on Android 10–12 (including 12L). Affected: Android versions listed in the CVE entry; multiple vendor advisories (Google Android bulletin; Red Hat/C...
CVE-2020-0198
The CVE-2020-0198 entry concerns the libexif library used on Android-10. The issue is in exif_data_load_data_content of exif-data.c, where an integer overflow can trigger a UBSAN abort, potentially enabling remote denial of service with no additional execution privileges. Exploitation requires us...
CVE-2022-20132
CVE-2022-20132 : The Android/Linux kernel contains an out-of-bounds read in the HID path (lg_probe and related hid-lg.c functions) due to improper input validation. This could allow local information disclosure when a malicious USB HID device is plugged in, with no privileges required and no user...
CVE-2017-0811
CVE-2017-0811 is a remote code execution vulnerability in the Android media framework (libhevc). Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The vulnerability originates in the media framework and could allow an attacker with local access to ru...
CVE-2019-9444
CVE-2019-9444 affects the Android kernel’s sync debugfs driver, where a kernel pointer leak occurs due to using printf with %p. This leads to potential local information disclosure with system privileges required for exploitation. The vulnerability can be triggered locally, and user interaction i...
CVE-2019-9433
CVE-2019-9433 is a libvpx vulnerability identified in multiple advisories. The issue is described as an information disclosure caused by improper input validation in libvpx, enabling remote information disclosure without extra execution privileges (user interaction required per the CVE entry). Th...
CVE-2021-39686
The CVE-2021-39686 entry concerns a race condition in the Android binder driver (binder.c) that can cause incorrect domain checks in SELinux, enabling local privilege escalation without extra privileges. This is tied to the Android kernel; exploitation is stated as local with no user interaction....
CVE-2021-39692
CVE-2021-39692 describes a local elevation of privilege in Android (10–12) via SetupLayoutActivity.java (tapjacking/overlay) that could bypass user consent to set up a work profile. Exploitation requires user interaction; CVSS indicates high impact (EoP) with local attack vector. Public reference...
CVE-2022-20421
CVE-2022-20421 : In the Android kernel, the memory corruption arises from a use-after-free in binder_inc_ref_for_node() inside binder.c, enabling a possible local escalation of privilege with no extra execution privileges and without user interaction. The affected software is the Android kernel; ...
CVE-2023-21270
CVE-2023-21270 affects Android’s PermissionManagerServiceImpl.java, specifically in restorePermissionState, where a flaw can allow an app to retain permissions that should be revoked due to incorrect permission flag clearance during an update. This can lead to local elevation of privilege with Us...
CVE-2022-20186
CVE-2022-20186 affects the Mali kernel driver (mali_kbase_mem_linux.c) in Android, where improper input validation in kbase_mem_alias enables arbitrary kernel code execution and local privilege escalation with no user interaction. Public details come from NVD and the Pixel bulletin; exploitation ...
CVE-2022-20465
CVE-2022-20465 affects Android 10–13 where a logic error in KeyguardHostViewController.java (and related files) can cause a lockscreen bypass via the dismiss() flow, enabling local privilege escalation without user interaction. Connected sources confirm the vulnerable component and impact; mitiga...
CVE-2024-49747
CVE-2024-49747 affects Android via the Bluetooth stack: in function gatts_process_read_by_type_req within gatt_sr.cc, a logic error can cause an out-of-bounds write. This could enable remote code execution with no additional privileges and without user interaction. The available documents consist...
CVE-2021-39701
CVE-2021-39701 affects Google Android System components, with the issue described as a flaw in serviceConnection of ControlsProviderLifecycleManager.kt that could allow a foreground service to run without a notification or required permission due to improper input validation. This could enable lo...
CVE-2020-0213
CVE-2020-0213 affects Android Media Framework (ihevcd_fmt_conv_420sp_to_420sp_av8) and is caused by a heap buffer overflow leading to a possible out-of-bounds write. Impact: remote information disclosure with no execution privileges required, exploitable with user interaction. Affected products/v...