8153 matches found
CVE-2016-0805
CVE-2016-0805 affects Qualcomm ARM kernels, specifically the Qualcomm Performance Module in Android. The issue resides in the kernel function get_krait_evtinfo, which returns an index into an array used by other kernel functions; crafted input can generate a malicious index and cause a buffer ove...
CVE-2016-1503
CVE-2016-1503 affects dhcpcd prior to version 6.10.0 (used in Android 4.x/5.x/6.x and other products). The issue is a mismanagement of DHCP option lengths in the print_option path, leading to a heap-based buffer overflow that can enable remote code execution or cause a denial of service via malfo...
CVE-2016-1948
Mozilla Firefox for Android before 44.0 is vulnerable to MITM during lightweight-theme installation because it may not require HTTPS for the client-server data stream, allowing an attacker to replace theme images/colors. Connected advisories indicate this is a real vulnerability affecting Firefox...
CVE-2017-0422
CVE-2017-0422 is a DoS in Android’s Bionic DNS that can be triggered by a crafted network packet to cause a device hang or reboot. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The vulnerability stems from the Bionic DNS component and is remote in scope (netwo...
CVE-2017-0427
CVE-2017-0427 is an elevation-of-privilege vulnerability in the Android kernel file system. A local attacker could execute arbitrary code in the kernel context on devices running Kernel-3.10 or Kernel-3.18, with a potential for permanent device compromise. The CVE’s patch status is not publicly a...
CVE-2017-0440
CVE-2017-0440 describes an elevation-of-privilege flaw in the Qualcomm Wi‑Fi driver for Android kernels 3.10 and 3.18. A local malicious app could exploit it to execute code in the kernel context, after compromising a privileged process. The vulnerability is classified as High severity in the pub...
CVE-2017-0718
CVE-2017-0718 is a remote code execution flaw in Android’s media framework MPEG-2 decoder impacting Android 6.0, 6.0.1, 7.0, 7.1.1 and 7.1.2. Public detail confirms it as a Media framework RCE issue; root cause is in the MPEG-2 decoder path. The Android Bulletin (Aug 2017) documents this and note...
CVE-2017-0768
CVE-2017-0768 is an Elevation of Privilege (EoP) vulnerability in Android’s media framework (libeffects) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The issue enables a local attacker to gain privileged code execution within a privileged process, with p...
CVE-2017-0806
CVE-2017-0806 is an elevation of privilege in the Android framework (gatekeeperresponse). The Android bulletin and NVD entries list it as a local, user-interaction-required flaw that could enable a malicious local application to bypass user interaction requirements to gain additional permissions....
CVE-2018-9395
The CVE-2018-9395 issue affects the Mediatek WLAN driver (mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config) in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c. It describes a possible out-of-bounds write due to a missing bounds check, enabling local...
CVE-2018-9411
CVE-2018-9411 describes an out-of-bounds write in decrypt of ClearKeyCasPlugin.cpp caused by a missing bounds check, enabling remote code execution with no extra privileges and requiring user interaction for exploitation. Public sources consistently mirror this description, with Android’s July 20...
CVE-2019-9298
CVE-2019-9298 affects Android 10 in the Media Framework (libAACdec). A vulnerability in the library allows an out-of-bounds write caused by an integer overflow, potentially enabling remote code execution. Exploitation requires user interaction. The issue is categorized as RCE with impact to confi...
CVE-2019-9363
CVE-2019-9363 affects Android 10 Bluetooth and describes an out-of-bounds write caused by a missing bounds check. This could allow remote code execution with no privileges, requiring user interaction to exploit. Affected product/area: Android 10 Bluetooth stack. Root cause: improper bounds checki...
CVE-2020-26606
CVE-2020-26606 affects Samsung mobile devices running O(8.x) through R(11.0). The issue allows an attacker to access Secure Folder content via a debugging command. The NVD entry cites CVSS 3.1 base score 7.5 (High) with Network attack vector and no privileges required; confidentiality impact High...
CVE-2021-0976
CVE-2021-0976 concerns an out-of-bounds read in Android’s toBARK implementation (floor0.c). The root cause is a missing bounds check, enabling possible remote information disclosure with no execution privileges; exploitation requires user interaction. Affected software is Android 12 (Android ID A...
CVE-2021-0985
CVE-2021-0985 affects Android 12 via AlertReceiver.java (onReceive). A missing permission check could allow dismissing a system dialog, enabling local privilege escalation without extra execution privileges or user interaction. The Pixel bulletin lists this under Framework with updated AOSP patch...
CVE-2021-0991
CVE-2021-0991 affects Android 12 via the OnMetadataChangedListener in AdvancedBluetoothDetailsHeaderController.java, causing a log information disclosure that could leak Bluetooth MAC addresses. The root cause is information disclosure through verbose/loggable data, enabling local information dis...
CVE-2021-0995
The CVE-2021-0995 entry affects Android 12 and is tied to the WifiServiceImpl.registerSuggestionConnectionStatusListener function, enabling a side-channel information disclosure to infer whether an app is installed without query permissions. This results in local information disclosure with no ex...
CVE-2021-1001
CVE-2021-1001 describes a vulnerability in the Android Media/Video encoding path: In PVInitVideoEncoder of mp4enc_api.cpp, an out-of-bounds read caused by a heap buffer overflow can lead to local information disclosure without additional privileges or user interaction. Affected is Android 12; exp...
CVE-2021-1021
CVE-2021-1021 affects Google Android 12 (and related Android builds) where a flaw in SnoozeNotificationInt within NotificationManagerService.java allows disabling notifications for an arbitrary user due to improper input validation. This can enable local elevation of privilege with user-execution...
CVE-2021-1024
CVE-2021-1024 affects Android 12 and is described in multiple connected sources as a flaw in EventResultPersister.java where an intent redirection can occur due to a confused deputy. This leads to local escalation of privilege with system execution privileges potentially required. The exploitatio...
CVE-2021-1026
Affected software: Android 12 (CVE-2021-1026) involves the RttServiceImpl.java startRanging flow. Vulnerability summary: A side-channel information disclosure could allow a local attacker to infer whether an app is installed without query permissions, leading to local information disclosure with ...
CVE-2021-1045
CVE-2021-1045 is acknowledged in multiple feeds as affecting the Android kernel component Titan‑M used in Google Pixel devices. The Pixel Update Bulletin groups CVE-2021-1045 under Pixel → Titan‑M with severity High, indicating a kernel‑level issue likely resolved in the 2021‑11‑05 patch level. T...
CVE-2021-26687
The CVE-2021-26687 entry concerns LG mobile devices running Android 8–10 where the HostnameVerified default is mishandled in preloaded applications. Connected sources confirm the affected platform (LG Android devices) and the root cause: mishandling of HostnameVerified in preloaded apps, which ca...
CVE-2021-39637
The CVE-2021-39637 entry describes an out-of-bounds read in CreateDeviceInfo of trusty_remote_provisioning_context.cpp due to a missing bounds check. This vulnerability could allow local information disclosure with system privileges required, and is exploitable without user interaction. Affected ...
CVE-2021-39638
CVE-2021-39638 relates to the Android kernel: in the function periodic_io_work_func of lwis_periodic_io.c there is an out-of-bounds write caused by a use-after-free. This leads to local elevation of privilege with System execution privileges required and no user interaction needed. The descriptio...
CVE-2021-39641
CVE-2021-39641 affects Android kernel on Pixel devices (Android ID A-126949257). The connected Pixel security bulletin lists it as a Bootloader-related Elevation of Privilege (EoP) with moderate impact. The entry indicates patch guidance through the December 2021 Pixel Update Bulletin, where upda...
CVE-2021-39650
CVE-2021-39650: In the Android kernel, an out-of-bounds write due to a missing bounds check enables local escalation to System privileges without user interaction. This is tied to Android kernel code and is documented with a MEDIUM base CVSS and LOCAL access. The provided connected documents conf...
CVE-2021-39780
CVE-2021-39780 affects Android 12L Traceur: a missing permission check allows bypassing developer settings to capture system traces, enabling local privilege escalation with user interaction required. The Android 12L security release notes indicate this issue is addressed in Android 12L; devices ...
CVE-2022-26467
CVE-2022-26467 affects the rpmb component in MediaTek chips. An out-of-bounds write caused by an incorrect bounds check could enable local privilege escalation to SYSTEM with no user interaction required. The advisory references patch ALPS07167738 (Issue ALPS07167738) as a fix. Exploitation statu...
CVE-2022-27567
This CVE (CVE-2022-27567) affects the libsimba library via a null pointer dereference in the parser_hvcC function, leading to an out-of-bounds write. The issue is triggered remotely by attackers and is tied to the libsimba code before SMR Apr-2022 Release 1. Several connected sources corroborate ...
CVE-2022-27825
The CVE-2022-27825 vulnerability affects the libsapeextractor library, specifically the sapefd_parse_meta_HEADER function. A faulty size check can allow an out-of-bounds read when processing a crafted media file. This issue is addressed in Samsung SMR Apr-2022 Release 1 (patch package), mitigatin...
CVE-2022-28785
CVE-2022-28785 concerns an improper buffer size check in the aviextractor library prior to Samsung’s SMR May-2022 Release 1, enabling out-of-bounds reads and a potential temporary denial-of-service. Multiple connected sources (NVD, Red Hat advisory, CVE listings, Samsung SMR notes) confirm the is...
CVE-2022-30727
CVE-2022-30727 affects Samsung Mobile’s PersonaManagerService, due to improper handling of permissions in addAppPackageNameToAllowList. The issue allows a local attacker to set certain workspace settings. Root cause: permission management weakness in PersonaManagerService prior to the SMR Jun-202...
CVE-2022-32638
CVE-2022-32638 describes a race-condition in the ISP component allowing an out-of-bounds write that can lead to local privilege escalation with SYSTEM privileges; exploitation reportedly requires no user interaction. A patch is referenced (ALPS07494449/ALPS07494449). Some connected sources attrib...
CVE-2022-33725
The CVE-2022-33725 issue affects Samsung Knox VPN, where a flaw in PendingIntent usage could allow a local attacker to access a content provider with system privileges. Root cause: improper PendingIntent handling within Knox VPN prior to SMR Aug-2022 Release 1. Impact per sources: potential media...
CVE-2022-33732
CVE-2022-33732 is an improper access control vulnerability in Samsung Dex for PC, affecting versions prior to SMR Aug-2022 Release 1. The issue allows a local attacker with unprotected binder access to scan and connect to a PC. The associated remediation is to update to SMR Aug-2022 Release 1 or ...
CVE-2022-39886
CVE-2022-39886 concerns an improper access control vulnerability in the IpcRxServiceModeBigDataInfo component of RIL, prior to Samsung SMR Nov-2022 Release 1. A local attacker could access device information due to the access-control weakness in RIL. Affected: Samsung devices running RIL before t...
CVE-2022-39912
CVE-2022-39912 describes an improper handling of permissions in the Android PersonaManagerService; prior to Android T(13), setSecureFolderPolicy can be exploited locally to modify settings in Secure Folder. The issue arises from insufficient permission checks in the affected function, enabling a ...
CVE-2023-20802
In imgsys, a memory corruption vulnerability arises from improper input validation that could enable local escalation of privilege requiring System execution privileges. User interaction is needed for exploitation. A patch is identified (Patch ID: ALPS07420968; Issue ID: ALPS07420976). Public tec...
CVE-2023-20821
CVE-2023-20821 concerns an out-of-bounds write in nvram due to a missing bounds check in MediaTek-based hardware. The underlying issue can allow local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. Reported remediation refere...
CVE-2023-20923
In CVE-2023-20923, the issue affects ShannonRcs content providers in Android kernel space. The root cause is a permissions bypass in exported content providers that can grant access to protected content providers without additional execution privileges. The practical impact is local information d...
CVE-2023-21152
Summary (CVE-2023-21152) : The vulnerability is an out-of-bounds read in FaceStatsAnalyzer::InterpolateWeightList within face_stats_analyzer.cc on Android kernel. The root cause is a missing bounds check in the weight interpolation logic, enabling a local information disclosure with user-privileg...
CVE-2023-21168
CVE-2023-21168 affects Android 13 and specifically the ColorConverter.cpp function convertCbYCrY, where a missing bounds check may cause an out-of-bounds read and local information disclosure without requiring user interaction. Multiple sources (NVD entry, Red Hat advisory, PRION/OSV enrichment, ...
CVE-2023-21184
CVE-2023-21184 affects Android 13 and is tied to CarrierPrivilegesTracker.java in getCurrentPrivilegedPackagesForAllUsers, where a logic error enables a local privilege bypass with no extra execution privileges and no user interaction required. Public documents consistently describe a permission ...
CVE-2024-20147
CVE-2024-20147 concerns a vulnerability in MediaTek Bluetooth firmware where an improper exception handling can lead to a reachable assertion, enabling remote denial of service without privileges or user interaction. Affected components are MediaTek chipsets, including MT79XX (and MT2737, MT3603,...
CVE-2025-22405
CVE-2025-22405 is an Android elevation-of-privilege vulnerability described as a use-after-free in multiple locations that could enable local code execution with no user interaction. Public sources/connected documents note this CVE as an EoP issue with high severity affecting Android components; ...
CVE-2025-22407
CVE-2025-22407 is a use-after-free in the Android HID (hidd) component, specifically in hidd_check_config_done of hidd_conn.cc, enabling potential arbitrary code execution and local information disclosure without extra privileges or user interaction. The vulnerability is discussed across multiple...
CVE-2012-4220
CVE-2012-4220 / CVE-2012-4221 affect the Qualcomm DIAG kernel-mode driver for Android 2.3–4.2. diagchar_core.c (CVE-2012-4220) and diagchar_core.c with an untrusted pointer dereference (CVE-2012-4221) allow a local application to exploit crafted arguments via diagchar_ioctl to execute arbitrary c...
CVE-2013-6770
CVE-2013-6770 affects CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 on Android 4.3/4.4. The flaw lets any user with ADB shell access and a suitable Linux UID exploit /system/xbin/su --daemon to gain root privileges and create a Trojan script, due to inadequate restriction of who can ru...