8153 matches found
CVE-2018-21054
CVE-2018-21054 describes an integer underflow causing a buffer overflow in eCryptFS on Samsung mobile devices running M(6.0), N(7.x), and O(8.x) (with some model/version exclusions). Affected component is eCryptFS; root cause is underflow leading to overflow, with potential impact across confiden...
CVE-2018-9345
CVE-2018-9345 affects Android’s BnAudioPolicyService (AudioPolicyService.cpp). The issue is information disclosure due to uninitialized data, enabling local information disclosure with no extra privileges and no user interaction required. Multiple connected sources confirm the same description. P...
CVE-2019-20530
CVE-2019-20530 affects Samsung mobile devices running N(7.1), O(8.x), P(9.0) and Q(10.0). The vulnerability enables arbitrary code execution on the lock screen, linked to Samsung identifier SVE-2019-15266. Public sources in the provided set reiterate the description but do not disclose root cause...
CVE-2019-20776
Technical details (affected products, components, root cause, versions, or fixes) are not publicly available in the provided connected documents. Monitor for updates; current sources only reiterate a crash in TZ trusted apps on LG Android 7.x–8.1 with crafted input.
CVE-2019-2079
CVE-2019-2079 affects Android 10 via the libxaac library, where an out-of-bounds read due to a missing bounds check could lead to information disclosure. The vulnerability targets a library/file within the Android stack and is exploitable with user interaction; no explicit remote code execution i...
CVE-2019-2200
CVE-2019-2200 affects Android 10 where updatePermissions in PermissionManagerService.java could allow a malicious app to bypass a custom-permission check, enabling local privilege escalation with full confidentiality/ integrity/ availability impact as described. Root cause: permission bypass with...
CVE-2019-2212
CVE-2019-2212 concerns an out-of-bounds read in the Poisson_distribution of random, enabling local information disclosure without extra privileges or user interaction. Affected products/versions (from provided docs): Android 8.0–10. The root cause is a read that can leak information from memory i...
CVE-2019-9468
The CVE-2019-9468 issue affects Android 10 and is caused by a double free in export_key_der inside export_key.cpp, leading to memory corruption and local privilege escalation without user interaction. The vulnerability is categorized as EoP with high impact, as reflected in the Pixel Update Bulle...
CVE-2020-0064
CVE-2020-0064 is a MediaTek-specific issue (component: Omacp) documented in the Android May 2020 bulletin. It is classified as Information Disclosure (ID) with High severity and is linked to Android patch levels 2020-05-01 and later. The vulnerability arises from improper authorization when proce...
CVE-2020-0088
CVE-2020-0088 affects Android 10 and is caused by an issue in parseTrackFragmentRun within MPEG4Extractor.cpp that can lead to resource exhaustion and a remote Denial of Service. Exploitation requires user interaction. The description does not specify the exact vulnerable versions beyond Android-...
CVE-2020-0201
CVE-2020-0201 affects Android 10 with a vulnerability in WifiConfigController.java (showSecurityFields) that can leak credentials due to a confused deputy, enabling remote elevation of privilege without additional privileges or user interaction. The issue is documented in multiple sources; applic...
CVE-2020-0293
CVE-2020-0293 affects Android 11 via the Java network APIs where a missing permission check can allow access to sensitive network state, leading to local information disclosure without extra execution privileges. The vulnerability is described as requiring no user interaction for exploitation and...
CVE-2020-0477
CVE-2020-0477 affects Android 11, describing an information disclosure in the Android framework. In ClientModeImpl.java, there is a missing permission check in sendLinkConfigurationChangedBroadcast that can allow local disclosure of the current network configuration without extra privileges or us...
CVE-2020-12745
CVE-2020-12745 affects Samsung mobile devices running Q(10.0). The issue enables bypass of the locked-state protection to read clipboard content via USSD. The root cause is described as a protection bypass, but no further technical details or affected versions are provided in the connected docume...
CVE-2020-26607
Summary: CVE-2020-26607 describes a privilege-escalation issue in Samsung’s TimaService where a PendingIntent with an empty intent can be exploited by modifying the intent to perform a privileged action on affected devices (Samsung Android O(8.x), P(9.0), Q(10.0)). The Samsung vulnerability ID is...
CVE-2021-0351
In the Android WLAN driver, CVE-2021-0351 is an out-of-bounds write vulnerability due to a missing bounds check, leading to remote denial of service without user interaction or privileges. Affected products/versions include Android 8.1–11; patch ALPS05412917 is available. Monitor for updates and ...
CVE-2021-0360
CVE-2021-0360 concerns an out-of-bounds write in the netdiag component caused by an incorrect bounds check. According to the provided documents, this could allow local escalation of privilege with System execution privileges, and does not require user interaction. Affected products listed are And...
CVE-2021-0374
CVE-2021-0374 affects Android 11 with a vulnerability in BnAudioPolicyService::onTransact (IAudioPolicyService.cpp) where a missing bounds check allows an out-of-bounds read, enabling local information disclosure with System privileges and no user interaction. Documented impact: confidentiality i...
CVE-2021-0404
CVE-2021-0404 concerns MediaTek’s mobile_log_d on Android 11, where an input validation error can enable local information disclosure. The Red Hat entry and multiple aggregated sources confirm that exploitation does not require user interaction, but the impact involves potential disclosure of sen...
CVE-2021-0405
CVE-2021-0405 affects Android 10 and Android 11, where the MediaTek performance driver’s out-of-bounds write stems from a missing bounds check in the driver code. This can permit local escalation of privilege to System execution level without user interaction, as described in multiple sources (in...
CVE-2021-25500
CVE-2021-25500 describes a missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 that allows attackers to overwrite TZASC , potentially causing a TEE compromise on Samsung mobile devices. The vulnerability affects versions prior to that release. The underlying issue is a lack of i...
CVE-2022-20012
CVE-2022-20012 affects the mdp driver and describes memory corruption caused by an integer overflow, enabling local privilege escalation without requiring user interaction. Multiple sources (NVD, Red Hat, CVE records) consistently cite the issue and a patch identified as ALPS05836478. The exploit...
CVE-2022-20015
CVE-2022-20015 affects the kd_camera_hw driver. The issue is information disclosure caused by uninitialized data, enabling local information disclosure with system privileges; exploitation does not require user interaction. A patch/workaround is identified as Patch ID: ALPS05862966 (Issue ID: ALP...
CVE-2022-20247
CVE-2022-20247 is reported as a media processing issue in Android 13 where an out-of-bounds read due to a heap buffer overflow could allow remote information disclosure without user interaction. Documents consistently tie the vulnerability to Android 13 and the Media component, with CVSSv3.1 base...
CVE-2022-20265
CVE-2022-20265 concerns Android 13 where the Settings component allows a permissions bypass that can lead to local elevation of privilege with physical access and no user interaction. Affected product: Android 13 (Settings). Root cause: a permissions bypass in the Settings flow that bypasses fact...
CVE-2022-20303
CVE-2022-20303 (Android 13) in ContentService: a missing permission check allows an account-detection information disclosure without GET_ACCOUNTS permission. Local attacker with low privileges and no user interaction can reveal whether an account exists on the device. Mitigation is included in An...
CVE-2022-20332
CVE-2022-20332 affects Android 13 and involves the PackageManager. The issue allows an app to infer whether another app is installed via a side-channel information disclosure, resulting in local information disclosure without extra execution privileges. Exploitation is described as local with no ...
CVE-2022-20340
CVE-2022-20340 affects Android 13 with a missing permission check in SELinux policy that can let a local attacker infer which websites are opened in the browser, causing a local information disclosure without additional privileges or user interaction. Root cause: improper SELinux policy allows in...
CVE-2022-26449
Summary: CVE-2022-26449 concerns the MediaTek Apusys component, with an out-of-bounds write caused by a missing bounds check that can enable local privilege escalation without user interaction. Affected component: apusys (MediaTek Apusys chipset). Root cause and impact (as stated): out-of-bounds ...
CVE-2022-26473
CVE-2022-26473 concerns a use-after-free in the vdec fmt component caused by improper locking, enabling local privilege escalation with System privileges required. Exploitation status is not detailed in the provided documents. Multiple sources (NVD, Red Hat, CVE lists, CNVD, PRION, CNNVD, PRON, P...
CVE-2022-30720
CVE-2022-30720 concerns an improper input validation logic in libsmkvextractor used by Samsung Mobile. The issue, tracked across multiple feeds, states that prior to SMR Jun-2022 Release 1 an attacker could trigger a crash, indicating a stability/availability impact. Concrete details confirm the ...
CVE-2022-30724
CVE-2022-30724 (Samsung Mobile Bluetooth Information Disclosure) : The vulnerability arises from broadcasting the BluetoothDevice object in the sendIntentSessionCompleted function without properly restricting receivers, which leaks the MAC address of the connected Bluetooth device. This affects S...
CVE-2022-30725
CVE-2022-30725 refers to a Bluetooth issue in Samsung devices where a broadcast Intent that includes a BluetoothDevice object is not properly restricted to recipients in the sendIntentSessionError function, prior to the SMR Jun-2022 Release 1. This leads to leakage of the connected device’s MAC a...
CVE-2022-32624
CVE-2022-32624 describes an out-of-bounds write caused by an incorrect buffer-size calculation in the throttling mechanism. This can lead to local escalation of privileges with SYSTEM-level execution privileges. Exploitation is described as local and does not require user interaction. The issue i...
CVE-2022-32625
CVE-2022-32625 describes an out-of-bounds write caused by an incorrect bounds check in the display path, with potential local escalation to SYSTEM privileges and no user interaction required. Multiple connected sources reference MediaTek chips as affected and note the vulnerability’s impact on co...
CVE-2022-36868
The issue in CVE-2022-36868 affects Samsung Mobile devices with the MouseNKeyHidDevice before SMR Oct-2022 Release 1. The root cause is an improper restriction of broadcasting an Intent, which leaks the MAC address of the connected Bluetooth device. Impact is limited to exposure of MAC address; n...
CVE-2022-38677
Summary (CVE-2022-38677) : Multiple sources describe a vulnerability in the cell service caused by a missing permission check, enabling local denial of service without requiring additional privileges. Reported impact is availability degradation; CVSSv3.1 base score ~5.5 (Medium) with local attack...
CVE-2022-39088
CVE-2022-39088 : A missing permission check in a network service affecting UNISOC chipsets can lead to local privilege escalation to SYSTEM execution privileges. The entry lacks explicit affected product versions or a published fix in the provided documents. Exploitation status is not disclosed. ...
CVE-2022-39096
CVE-2022-39096: A missing permission check in the power management service is documented, potentially allowing setup of the service with no additional execution privileges. Affected context across multiple sources centers on a local-privilege scenario with high impact (confidentiality, integrity,...
CVE-2022-39112
CVE-2022-39112 describes a vulnerability in the Music service where a missing permission check can lead to local denial of service with no additional execution privileges required. The issue is consistently described across multiple sources (NVD/Red Hat/PRION/CNVD/etc.) as a lack of access contro...
CVE-2022-39123
CVE-2022-39123 describes a potential out-of-bounds write in the sensor driver due to a missing bounds check, which could lead to local denial of service in the kernel. The public documents consistently state this issue but do not provide concrete exploitation details, affected product versions, o...
CVE-2022-39127
The CVE-2022-39127 entry concerns a vulnerability in a sensor driver where a missing bounds check can cause an out-of-bounds write, leading to local denial of service in the kernel. The issue is described across multiple sources (NVD/Red Hat/CNNVD) as affecting the sensor driver (kernel level); C...
CVE-2022-39851
CVE-2022-39851 affects CocktailBarService on Samsung Mobile devices prior to SMR Oct-2022 Release 1. The issue is due to improper access control, enabling a local attacker to bind a service that requires the BIND_REMOTEVIEWS permission. The vulnerability is mitigated by updating to SMR Oct-2022 R...
CVE-2022-39905
CVE-2022-39905 is an implicit intent hijacking vulnerability in the Samsung Telecom application prior to the SMR-DEC-2022 Release 1. The fault is a misused implicit intent that allows an attacker to access sensitive information via intents, with impact described as confidential data exposure and ...
CVE-2022-42760
The records collectively describe CVE-2022-42760 as a vulnerability in the WLAN driver (notably for UNISOC chipset implementations) where a missing bounds check could allow local denial of service in WLAN services. Affected component: WLAN driver; root cause: out-of-bounds-like condition due to i...
CVE-2022-42776
CVE-2022-42776 affects the UscAIEngine service, with a missing permission check that could allow setting up the service without requiring additional execution privileges. The issue is described consistently across NVD/Red Hat records and related feeds as a privilege-check bypass within the UscAIE...
CVE-2022-44423
CVE-2022-44423 involves a missing permission check in the music service that could trigger a local denial-of-service in the contacts service without requiring additional privileges. Connected sources reference UNISOC chipsets and reiterate the issue as a local DoS vector, but do not provide concr...
CVE-2022-44433
The connected sources describe CVE-2022-44433 as a vulnerability in UNISOC Chipsets’ phoneEx service module where a missing permission check allows local escalation of privilege with no additional execution privileges. The issue is tied to the phoneEx service component and is characterized by a l...
CVE-2022-44442
The CVE-2022-44442 entry concerns the WLAN driver, where a missing bounds check in the WLAN driver could allow local denial of service in WLAN services. This risk is supported by multiple sources (NVD text reiterates the local DoS outcome; Red Hat and others describe the same bound-check issue in...
CVE-2022-47342
CVE-2022-47342: Affected via engineermode services on Unisoc chipsets; root cause is a missing permission check that allows local access to sensitive engineermode functionality, causing local denial of service. Impact is indicated as High for availability with local attack vector and low privileg...