8153 matches found
CVE-2018-9527
The CVE-2018-9527 issue affects Android’s Media framework, specifically in vorbis_book_decodev_set of codebook.c, where a missing bounds check can cause an out-of-bounds write. This could enable remote code execution with no extra privileges, requiring user interaction to exploit. Affected versio...
CVE-2018-9586
The CVE-2018-9586 issue affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1 and 9.0. It stems from a race condition in InstallPackageTask.java that can leave package verification turned off, enabling local elevation of privilege with no extra execution privileges or user interaction required. Affected pr...
CVE-2019-1992
CVE-2019-1992 affects Android. In the code path bta_hl_sdp_query_results within bta_hl_main.cc a race condition can cause a use-after-free, leading to remote code execution with no extra privileges needed. The issue is tied to Android versions 7.0–7.1.2, 8.0, 8.1, and 9 (Android ID: A-116222069)....
CVE-2019-2105
CVE-2019-2105 affects Android’s library component: in FileInputStream::Read of file_input_stream.cc, a memory corruption due to uninitialized data could enable remote code execution in an unprivileged process. Exploitation requires user interaction. Affected Android versions include 7.0, 7.1.1, 7...
CVE-2020-0003
CVE-2020-0003 affects Android 8.0 when the framework’s InstallStart.java onCreate contains a time‑of‑check time‑of‑use packaging validation bypass. The issue could allow a local elevation of privilege with user interaction required, via a vulnerability in the Android Framework. Public details ind...
CVE-2020-0039
CVE-2020-0039 affects Android 8.0–10 via an out-of-bounds read in rw_i93_sm_update_ndef (rw_i93.cc) caused by a missing bounds check, enabling potential remote information disclosure with no user interaction. The issue is categorized as Information Disclosure (Android 8–10) with network-based exp...
CVE-2020-0116
CVE-2020-0116 is a local information-disclosure issue in Android 10’s System area stemming from a permissions bypass in LocationAccessPolicy.checkSystemLocationAccess, which could bypass user profile isolation and disclose data without extra execution privileges. Affected product: Android (Androi...
CVE-2020-0478
CVE-2020-0478 targets Android-11, with a vulnerability in restoration.c (extend_frame_lowbd) causing an out-of-bounds write due to a missing bounds check. This can enable local privilege escalation and requires user interaction for exploitation. Affects Android-11; exploitation details or patch/v...
CVE-2020-26600
CVE-2020-26600 concerns Samsung mobile devices running Q(10.0). The issue involves the Auto Hotspot feature, which can allow a remote attacker to obtain sensitive information over the network. Key details from connected sources: Affected product area: Samsung Mobile Android distribution with Q(10...
CVE-2020-26605
Technical details about CVE-2020-26605 are not publicly provided in the supplied documents. Monitor for updates from vendors (Samsung security page, Red Hat, NCSC advisories) for affected products, fixes, and impact.
CVE-2021-0367
The CVE-2021-0367 entry describes a race-condition induced memory corruption in Android’s vpu component, enabling local escalation of privilege with System permissions required and no user interaction. Affected products are Android 10 and Android 11; the issue is tied to patch ALPS05371580 (Issue...
CVE-2021-0623
CVE-2021-0623 affects the asf extractor component. The linked records describe an out-of-bounds read caused by an integer overflow, leading to local information disclosure without requiring user interaction. The vulnerability is documented across multiple sources (including NVD and vendor/Red Hat...
CVE-2021-25338
CVE-2021-25338 describes an improper memory access control weakness in the RKP of Samsung mobile devices prior to the SMR Mar-2021 Release 1. The issue allows a compromised kernel to write portions of the RKP EL2 memory region, implying local attacker capabilities with kernel-level access and pot...
CVE-2022-20289
CVE-2022-20289 affects Android 13: a side-channel in PackageInstaller can reveal whether an app is installed without query permissions, causing local information disclosure with no user interaction. Root cause: information disclosure via PackageInstaller side channel. Impact: potential exposure o...
CVE-2022-20311
CVE-2022-20311 affects Android 13 Telecomm: a missing permission check could disclose registered self-managed phone accounts, enabling local information disclosure with low risk of exploitation (attack vector LOCAL, UI:N). Root cause is a permission check omission in Telecomm that exposes sensiti...
CVE-2022-20339
CVE-2022-20339 affects Android 13 and is caused by an insecure SEpolicy configuration that allows access to the network neighbor table, leading to local information disclosure of network topography with no additional execution privileges and no user interaction required. The incident is described...
CVE-2022-20531
The provided connected documents confirm CVE-2022-20531 affects Android’s Telecom component, describing a side-channel information disclosure that lets an app determine if another app is installed without query permissions. This enables local information disclosure with no extra execution privile...
CVE-2022-21765
CVE-2022-21765 affects the CCCI component. The root cause is a missing bounds check that enables an out-of-bounds write, leading to local escalation of privilege with SYSTEM-level execution rights. Exploitation reportedly does not require user interaction. A patch is referenced (Patch ID: ALPS066...
CVE-2022-22267
Samsung ActivityMetricsLogger on mobile devices is affected by CVE-2022-22267: an implicit intent hijacking flaw that can disclose information about a running application. The vulnerability is tied to ActivityMetricsLogger before SMR Jan-2022 Release 1. Documented impact is information disclosure...
CVE-2022-26095
CVE-2022-26095 affects the libsimba library, with a null pointer dereference in the parser_colr function prior to Samsung SMR Apr-2022 Release 1, enabling out-of-bounds writes by a remote attacker. Impacts and mitigations from connected docs indicate vulnerable component is the parser_colr code p...
CVE-2022-26429
CVE-2022-26429 concerns a missing permission check in the cta component, enabling an app to write permission usage records. This constitutes a local privilege escalation vulnerability with a LOCAL attack vector, LOW privileges required, and NO user interaction needed. The NVD entry cites a patch ...
CVE-2022-26436
The vulnerability CVE-2022-26436 affects the emi mpu component and is caused by a missing bounds check, leading to an out-of-bounds read. This can lead to local information disclosure with System execution privileges required, and no user interaction is needed. A patch identified as ALPS07023666 ...
CVE-2022-32612
CVE-2022-32612 concerns a possible memory-use-after-free in the MediaTek/vcu stack caused by a race condition. Reported as enabling local escalation of privilege with System execution privileges required and no user interaction needed. Multiple sources confirm the issue, but public details about ...
CVE-2022-33687
Exposure of Sensitive Information in telephony-common.jar prior to the Samsung SMR July‑2022 Release 1 allows a local attacker with log access to obtain IMSI from device logs. The issue stems from information disclosure in telephony-common.jar on Samsung mobile devices. Affected component: teleph...
CVE-2022-33694
CVE-2022-33694 is an exposure of sensitive information in the Samsung CSC application on Samsung Mobile devices. The root issue is disclosure of wifi information through unprotected intent broadcasting within the CSC app prior to the SMR July 2022 release 1. The vulnerability permits a local atta...
CVE-2022-33697
CVE-2022-33697 corresponds to a local information-disclosure vulnerability in Samsung ImsCore, specifically ImsServiceSwitchBase, where IMSI can be exposed via device logs. Affected software: ImsCore prior to SMR Jul-2022 Release 1. Root cause: failure to protect sensitive information in logs; re...
CVE-2022-38680
In CVE-2022-38680, the vulnerability is in the WLAN driver where a missing parameter check can allow local denial of service against WLAN services. Affected component: WLAN driver (details on exact versions not provided). Root cause: insufficient validation of parameters leading to resource disru...
CVE-2022-38683
CVE-2022-38683 affects the contacts service, where a missing permission check could allow local denial of service without additional execution privileges. Public documents consistently describe a local, privilege-check issue in the contacts service as the root cause. The CVSS vector indicates LOC...
CVE-2022-38686
The documents confirm a vulnerability in the wlan driver caused by a missing parameter check, enabling local denial of service in wlan services. Affected component: wlan driver (no specific vendor or version provided in the sources). Root cause: insufficient input validation leading to a service ...
CVE-2022-39114
CVE-2022-39114 describes a missing permission check in the Music service that can lead to a local denial of service without requiring additional execution privileges. The NVD entry assigns a CVSS v3.1 base score of 5.5 (Local, Low attack complexity, Low privileges required, Availability impact), ...
CVE-2022-39126
CVE-2022-39126 affects the sensor driver with an out-of-bounds write caused by a missing bounds check, leading to local kernel denial of service. Multiple sources (NVD, Red Hat, CNNVD, PRION, etc.) reproduce the description and tie it to Unisoc chipsets (sensor driver). The documents do not provi...
CVE-2022-42541
CVE-2022-42541 is a Remote Code Execution vulnerability associated with Google Chromecast/Android Secure Monitor (AMLogic). Public sources in the connected documents describe a critical impact (CVSS v3.1: 9.8, Network attack vector, no authentication, no user interaction) affecting confidentialit...
CVE-2022-42765
CVE-2022-42765 concerns a missing bounds check in the wlan driver, leading to local denial of service in wlan services. The Red Hat/NVD descriptions and related feeds consistently cite a bound-check omission in the wlan driver as the root cause, with local attacker context and impact on availabil...
CVE-2022-44444
The CVE-2022-44444 entry concerns a vulnerability in the WLAN driver caused by a missing bounds check. Affects the WLAN driver component and could lead to local denial of service in WLAN services. Exploitation details, affected versions, and a confirmed patch/remediation are not disclosed in the ...
CVE-2022-47327
CVE-2022-47327 affects WLAN driver components with a missing permission check that can lead to local information disclosure. Multiple connected sources (including Red Hat, NVD, CNNVD) corroborate the core flaw: unauthorized local access to sensitive information due to insufficient privilege valid...
CVE-2022-47364
The CVE-2022-47364 entry concerns a vulnerability in the wlan driver caused by a missing bounds check, enabling an out-of-bounds write that could lead to local denial of service in wlan services. Documents consistently identify the affected component as the wlan driver and describe the impact as ...
CVE-2022-48234
CVE-2022-48234 affects UNISOC chipsets’ FM service module. The entry notes a missing parameter check in FM service, enabling local denial of service. Documents list NVD/Red Hat/CVE records with CVSS v3.1 metrics (AV:L, AC:L, PR:L/H, UI:N, S:U, C:N/I:N/A:H) and a base score around 5.5 (NVD) or 4.4...
CVE-2023-20611
CVE-2023-20611 concerns a race-condition related use-after-free in the GPU component, leading to local escalation of privilege with SYSTEM privileges required and no user interaction. Patch ALPS07588678/ALPS07588678 is referenced. Multiple sources (NVD, Red Hat, CVE listings) corroborate the same...
CVE-2023-20613
The CVE-2023-20613 entry refers to a vulnerability in the MediaTek ril component where a missing bounds check allows an out-of-bounds write, potentially enabling local escalation of privileges to SYSTEM with no user interaction required. Exploitation status is not detailed in the documents, but t...
CVE-2023-20716
CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...
CVE-2023-20742
CVE-2023-20742 affects the ril module in MediaTek devices, with an out-of-bounds read caused by a missing bounds check. This could lead to local information disclosure and, potentially, system execution privileges, with no user interaction required. The vulnerability is documented across multiple...
CVE-2023-20790
The CVE-2023-20790 entry maps to MediaTek devices with an nvram module vulnerability caused by a missing bounds check, leading to an out-of-bounds write. This can result in local information disclosure and, per the description, requires system execution privileges with no user interaction. Public...
CVE-2023-21309
CVE-2023-21309 affects libcore (Android). The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure without extra privileges or user interaction. Exploitation details beyond this are not provided in the supplied documents. No sp...
CVE-2023-21313
CVE-2023-21313 affects Android Core with a missing permission check that allows forwarding calls without user knowledge, enabling local elevation of privilege. Exploitation requires Local access; UI interaction is not needed. The CVSSv3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates hig...
CVE-2023-21343
CVE-2023-21343 affects Android’s ActivityStarter where an unsafe PendingIntent can trigger a background activity launch, enabling local elevation of privilege without user interaction. Affected component: ActivityStarter (framework). Root cause: unsafe PendingIntent that can be exploited locally....
CVE-2023-21353
CVE-2023-21353 affects a component labeled NFA in Android, where a missing bounds check can cause an out-of-bounds read. The resulting vulnerability leads to remote information disclosure without requiring privileges or user interaction. Documents consistently describe the impact as information d...
CVE-2023-35691
Technical details about CVE-2023-35691 are not publicly provided in the supplied documents. No concrete affected products, versions, or remediation are present. Monitor for updates.
CVE-2023-40637
CVE-2023-40637 involves UNISOC chipsets’ telecom service where a missing permission check could allow local information disclosure without executing code or elevating privileges. The NVD entry notes a local attack vector with low adversarial effort and low privileges required, exposing high-confi...
CVE-2023-52352
Summary: CVE-2023-52352 concerns the Network Adapter Service where a missing permission check could allow local denial of service without extra execution privileges. The connected documents link this vulnerability to UNISOC chipsets and multiple trackers (Red Hat, NVD, CVE list, PT Security, CNNV...
CVE-2024-20021
The CVE-2024-20021 issue affects the ARM Trusted Firmware (ATF) SPM component and stems from a logic error that allows remapping of physical memory to virtual memory. This could enable local privilege escalation with System execution privileges (S-mode) required, and exploitable without user inte...