8153 matches found
CVE-2025-48651
Summary: CVE-2025-48651 pertains to StrongBox in Android. In KMKeymasterApplet.java’s importWrappedKey, insufficient input validation could allow access to restricted keys, enabling local information disclosure without extra privileges or user interaction. The issue is classed as a local vulnerab...
CVE-2023-20746
The CVE-2023-20746 entry details a vulnerability in the vcu component of MediaTek chips. Root cause: an out-of-bounds write caused by improper locking. Impact: local escalation of privilege to SYSTEM level with no user interaction required. Affected scope is limited to the vcu module; exploitatio...
CVE-2023-20845
CVE-2023-20845 affects imgsys. The vulnerability is an out-of-bounds read caused by missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. Patch ID ALPS07197795 / Issue ID ALPS07340357 is associated wi...
CVE-2023-21362
CVE-2023-21362 affects Google Android (Android Framework). The issue is a DoS caused by resource exhaustion that can lead to local denial of service without extra privileges. The available documents cite it as a Framework DoS in Android 14 release notes, with no exploitation details provided. Mit...
CVE-2023-21364
CVE-2023-21364 affects Android’s ContactsProvider, causing a crash loop through resource exhaustion that can lead to local persistent DoS in the Phone app. The vulnerability is connected to the ContactsProvider component and is exploitable with local access and low privileges, without user intera...
CVE-2023-21398
CVE-2023-21398 affects the Android ecosystem with a logic error in the sdksandbox component that enables a strandhogg-style overlay attack, leading to local elevation of privilege without extra execution privileges and with no user interaction required. Multiple sources (NVD, Red Hat, CNVD, CN) d...
CVE-2023-32828
The CVE-2023-32828 issue affects the vpu component and is described as an integer overflow causing an out-of-bounds write. This could enable local escalation of privilege with System-level execution privileges required; no user interaction is needed. Reported patch ID: ALPS07767817 (Issue ALPS077...
CVE-2023-32885
The CVE-2023-32885 entry concerns a memory corruption issue in the display DRM module, affecting MediaTek chips. The root cause is a missing bounds check, enabling local privilege escalation with System execution privileges needed; exploitation requires local access and no user interaction is req...
CVE-2023-42644
CVE-2023-42644 affects the dm service, where a possible missing permission check could permit local information disclosure without requiring additional execution privileges. Connected sources consistently describe a local-privilege-check omission as the root cause. Consequences are limited to inf...
CVE-2024-20080
The CVE-2024-20080 entry affects the gnss service, caused by improper certificate validation. This can enable remote escalation of privilege without additional privileges, with no user interaction required. The vulnerability is rated critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and i...
CVE-2024-20118
CVE-2024-20118 affects the MediaTek mms component, with an out-of-bounds write caused by an incorrect bounds check. This can lead to local escalation of privilege and SYSTEM privileges are required for exploitation; no user interaction is needed. A patch is referenced as ALPS09062392 (MSV-1621). ...
CVE-2024-20128
CVE-2024-20128 affects MediaTek Telephony components (Telephony in MediaTek chipsets). The issue is an out-of-bounds read due to a missing bounds check, which could allow remote denial of service without user interaction. Impact is described as high (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) per CVSS ...
CVE-2025-20642
CVE-2025-20642 describes an out-of-bounds write in the DA module caused by a missing bounds check. This could enable local privilege escalation when an attacker has physical access to the device, with user interaction required for exploitation. A patch is identified as ALPS09291146 (MSV-2057); no...
CVE-2025-20979
CVE-2025-20979 concerns an out-of-bounds write in Samsung’s libsavscmn prior to Android 15. Affected component: libsavscmn (cell phone software). Root cause: an out-of-bounds write issue that enables local attackers to execute arbitrary code. Impact: high (local code execution with high confident...
CVE-2026-0006
CVE-2026-0006 is a heap-based out-of-bounds read/write vulnerability that can lead to remote code execution with no user interaction. It is listed under Android System as affected, with an updated AOSP version set to 16 and mitigation via security patch levels 2026-03-01 or later (Android 16-era ...
CVE-2014-9795
CVE-2014-9795 affects the Android/Qualcomm stack on Nexus 5: the aboot.c implementation in Qualcomm components fails to properly guard against an integer overflow when processing crafted start/size values, enabling a local attacker to bypass access restrictions. The issue is tied to Android inter...
CVE-2015-3845
CVE-2015-3845 affects Android Binder’s Parcel handling: the Parcel::appendFrom function in libs/binder/Parcel.cpp does not consider parcel boundaries when identifying binder objects, in Android versions before 5.1.1 LMY48M. The underlying flaw can allow a crafted application to obtain privileges ...
CVE-2015-3867
CVE-2015-3867 is a vulnerability in Android’s libstagefright prior to 5.1.1 LMY48T where processing a specially crafted media file can cause memory corruption and remote code execution in the mediaserver service. The root cause is tied to libstagefright’s handling of media data, enabling an attac...
CVE-2015-6604
CVE-2015-6604 affects Android’s libstagefright before 5.1.1 LMY48T. A crafted media file could cause memory corruption in mediaserver, enabling remote code execution or a denial of service. Root cause is memory corruption in the media processing pipeline. The public description confirms the compo...
CVE-2015-6620
Android libstagefright vulnerabilities in mediaserver allow local privilege escalation to Signature or SignatureOrSystem for devices running before 5.1.1 LMY48Z and before 2015-12-01 for 6.0. Root cause: flaws in libstagefright enabling memory/logic errors during crafted media processing. Impact ...
CVE-2015-6634
CVE-2015-6634 concerns memory corruption/remote code execution in Android’s display drivers prior to 5.1.1 LMY48Z when processing a crafted media file. The vulnerability, tracked as internal bug 24163261, could allow remote attackers to execute arbitrary code or cause a denial of service via medi...
CVE-2016-0810
CVE-2016-0810 affects Android mediaserver’s mediaserver component, specifically the MediaLib SoundPool handling in media/libmedia/SoundPool.cpp. The root cause is mishandled locking requirements, which can allow a crafted application to escalate privileges to obtain Signature or SignatureOrSystem...
CVE-2016-10385
CVE-2016-10385 is a high-severity use-after-free in IMS RCS across Qualcomm Android CAF builds using the Linux kernel. Public docs note a remote-exploitable condition with critical impact ( CVSSv3 9.8 ). The vulnerability affects Qualcomm firmware in CAF Android releases; Android security bulleti...
CVE-2016-6729
CVE-2016-6729 is an elevation-of-privilege vulnerability in the Qualcomm bootloader used by Android prior to 2016-11-05. A local malicious app could execute arbitrary code in kernel context, potentially leading to permanent device compromise that may require reflashing. Android ID: A-30977990; re...
CVE-2016-6733
The CVE-2016-6733 entry describes an elevation-of-privilege vulnerability in the NVIDIA GPU driver for Android prior to 2016-11-05 that could allow a local malicious app to execute code in the kernel context. The impact is described as Critical, including potential permanent device compromise req...
CVE-2017-0418
CVE-2017-0418 is an elevation of privilege in Android’s Audioserver that could allow a local malicious application to run arbitrary code in the context of a privileged process. Affected products are Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The provided documents consisten...
CVE-2017-0436
Summary of CVE-2017-0436 (Qualcomm sound driver privilege escalation) : The vulnerability affects Android, specifically the Qualcomm sound driver within kernel contexts (kernel versions 3.10 and 3.18). It enables a local, malicious application to elevate privileges and execute arbitrary code in t...
CVE-2017-0451
CVE-2017-0451 describes an information-disclosure vulnerability in the Qualcomm sound driver on Android. The issue enables a local malicious application to access data outside its granted permissions after compromising a privileged process. Affected components include Android kernels around 3.10 ...
CVE-2017-0465
CVE-2017-0465 describes an elevation of privilege vulnerability in the Qualcomm ADSPRPC driver that could allow a local attacker to execute arbitrary code in the kernel context on Android devices. Affected components/versions in the public records include the Android kernel (Kernel-3.10, Kernel-3...
CVE-2017-0550
CVE-2017-0550 corresponds to a remote denial-of-service in libavc within Android’s Mediaserver. The vulnerability affects Android 6.0–7.1.1 and could be triggered by a specially crafted file, potentially causing device hang or reboot. Connected documents corroborate the Mediaserver/libavc context...
CVE-2017-0646
CVE-2017-0646 is an information-disclosure vulnerability in the Android Bluetooth component that could allow a local malicious app to access data beyond its permissions. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-33899337). The connected...
CVE-2017-0668
The CVE-2017-0668 entry describes an information disclosure vulnerability in the Android framework affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-22011579). The connected sources re-iterate that this is an information disclosure issue in Framework/...
CVE-2017-0670
CVE-2017-0670 describes a denial‑of‑service in the Android framework affecting Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID: A-36104177). The vulnerability is listed under the Android Framework component as a DoS issue; no detailed root cause or exploit information...
CVE-2017-0733
The CVE-2017-0733 entry describes a denial-of-service vulnerability in Android’s media framework (libmediaplayerservice). Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The initial description does not specify the exact root cause beyond the DoS label;...
CVE-2017-0763
CVE-2017-0763 is a remote code execution vulnerability in Android’s media framework libhevc. Affected products include Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The root cause is a flaw in the media framework’s HEVC decoding path that could allow an attacker to run ar...
CVE-2017-0780
CVE-2017-0780 is a DoS in Android's runtime (FrameSequenceDrawable) triggered when processing GIF-based frames in MMS. The root cause is a Null Pointer Exception path: acquireAndValidateBitmap can accept a null or invalid Bitmap from a custom FrameSequenceDrawable.BitmapProvider, leading to an NP...
CVE-2017-0796
CVE-2017-0796 is an Elevation of Privilege in the MediaTek AUXADC driver within the Android kernel. Affected component: MediaTek AUXADC driver (on Android devices). Root cause: unspecified in the provided text beyond the vendor/product mapping; the entry states elevation of privilege. Impact acco...
CVE-2017-0804
CVE-2017-0804 is an Elevation of Privilege vulnerability in the MediaTek MMC driver within the Android kernel. It affects the MMC driver component and is documented as a local privilege escalation (attack vector local, low attack complexity) with a high impact on confidentiality, integrity, and a...
CVE-2017-0813
Summary of CVE-2017-0813 : A denial-of-service vulnerability exists in the Android media framework (libstagefright) affecting Android versions 7.0, 7.1.1, and 7.1.2. The issue is identified as a DoS in the Media framework component; the provided documents do not specify the root cause details bey...
CVE-2017-0820
CVE-2017-0820 is a DoS vulnerability in the Android media framework affecting Android versions 7.0, 7.1.1, 7.1.2 and 8.0. The issue is tracked in multiple feeds and is listed in the October 2017 Pixel/Nexus Security Bulletin under the Media framework with DoS as the type and NSI as the status. Th...
CVE-2017-0863
CVE-2017-0863 is an elevation-of-privilege vulnerability in the Upstream kernel video driver affecting the Android kernel on Pixel/Nexus devices. The issue enables a local attacker to escalate privileges (local exploit, low attack complexity, no user interaction), with partial confidentiality, in...
CVE-2017-13148
CVE-2017-13148 is a DoS in Android's media framework (libmpeg2). Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. The issue is described as a denial-of-service vulnerability in the media decoding path. The Android bulletin indicates patches exist in the 2017-12-01 and 2017-12-05 lev...
CVE-2017-13248
CVE-2017-13248 affects Android Media framework; the vulnerability is an out-of-bounds write in impeg2_idct_recon_sse42_intr.c (impeg2_idct_recon_sse42_intr) that could allow remote code execution with user interaction. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The issue ...
CVE-2017-13272
CVE-2017-13272 affects Android (7.0–8.1). The issue is an out-of-bounds write caused by a use-after-free in alarm_ready_generic (alarm.cc), enabling remote escalation of privilege with no user interaction. CVSSv3 base score 9.8 (Network, High impact on confidentiality, integrity, availability). T...
CVE-2017-13287
CVE-2017-13287 is an Elevation of Privilege vulnerability in Android’s VerifyCredentialResponse.java. In createFromParcel, there is a possible invalid parcel read caused by insufficient input validation. If mPayload in writeToParcel is null, this could allow a local attacker to escalate privilege...
CVE-2017-13309
CVE-2017-13309 affects ConscryptEngine.java in Android's Conscrypt implementation. In readEncryptedData, there is a plaintext leak due to improper crypto usage, enabling local information disclosure without extra privileges or user interaction. The Android security bulletin (2018-05-01) associate...
CVE-2017-14891
CVE-2017-14891 affects the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12. The issue is an uninitialized variable that can leak stack contents, causing information disclosure. The vulnerability is tied to the kernel/driver sta...
CVE-2017-14909
Technical details about CVE-2017-14909 are not publicly available in the provided documents. Monitor for updates from the connected sources.
CVE-2017-8255
CVE-2017-8255 affects Qualcomm bootloader components in Android CAF builds that use the Linux kernel. The issue is described as an integer overflow in the bootloader, leading to elevation of privilege (EoP) within the kernel context. Public sources in the provided documents identify the vulnerabi...
CVE-2017-8260
CVE-2017-8260 is a Qualcomm component issue mapped to the Camera driver in Qualcomm parts. Root cause: a type downcast in CAF Linux kernel code allows a value to bypass validation, enabling an out-of-bounds write. Impact: local kernel context elevation via the Camera driver (per the CVE entry in ...