334 matches found
CVE-2023-21318
CVE-2023-21318 affects the Android Framework layer in Android 14, where a side-channel information disclosure could allow an attacker to infer whether an arbitrary app is installed. The NVD entry describes a local attack with low complexity, requiring low privileges and no user interaction, leadi...
CVE-2023-21338
CVE-2023-21338 affects Android’s Input Method. The issue is a side-channel information disclosure that lets an app determine whether another app is installed without query permissions, enabling local elevation of privilege with no additional execution privileges required. The Android 14 security ...
CVE-2023-21344
CVE-2023-21344 affects Android’s Job Scheduler. The issue enables a local attacker to determine whether an app is installed via a side-channel information disclosure, without query permissions and with no user interaction. Impact is local information disclosure; exploitation requires local access...
CVE-2023-21349
In CVE-2023-21349, the Android Package Manager exposes a side-channel to determine whether an app is installed without query permissions, enabling local information disclosure with no privileges required and no user interaction. Multiple connected sources (NVD entry and Red Hat/CVE pages, CNVD, a...
CVE-2014-9963
CVE-2014-9963 describes a buffer overflow in WideVine DRM present in Android CAF builds using the Linux kernel. The connected sources confirm a DRM component buffer overflow, implying potential arbitrary code execution under certain conditions, with CVSS indicating HIGH severity (local access, us...
CVE-2014-9965
Technical details about CVE-2014-9965 are not publicly available in the provided connected documents. The descriptions restate the parsing issue in Android CAF/Linux SCM call handling; monitor for updates from the cited sources.
CVE-2015-9003
In CVE-2015-9003, a cryptographic issue in TrustZone could potentially affect all Android releases from CAF using the Linux kernel. The connected documents identify TrustZone/Android CAF/Linux kernel as the affected area, but do not provide detailed root cause, affected subcomponents, specific vu...
CVE-2015-9039
Summary: CVE-2015-9039 affects the Qualcomm eMBMS component in Android CAF builds that use the Linux kernel. The root cause is an assertion that can be reached by a sequence of downlink messages in eMBMS, enabling a potential unauthorized operation. The vulnerability has a high/critical impact pr...
CVE-2015-9046
Technical details about CVE-2015-9046 are not publicly provided in the supplied documents. No specific impact, affected products, or fixes are disclosed here. Monitor for updates.
CVE-2015-9050
CVE-2015-9050 describes an out-of-bounds access during a CA call in Qualcomm CAF Android/Linux kernel components. The NVD entry assigns CRITICAL risk (CVSS3: 9.8) with network attack vector and no user interaction. Connected documents refer to Qualcomm/Android out-of-bounds issues but do not prov...
CVE-2015-9052
CVE-2015-9052 affects Qualcomm components in Android CAF builds using the Linux kernel LTE stack; the issue is an assertion that can be reached while processing a downlink message. The provided documents do not specify affected product versions, exact root cause details, exploit status, or availa...
CVE-2016-10337
Technical details for CVE-2016-10337 are not publicly available in the provided connected documents. The materials confirm a generic Android/Linux kernel validation issue but do not specify affected products, versions, exploitability, impact, or fixes. Monitor for updates.
CVE-2016-10382
CVE-2016-10382 affects Qualcomm products running CAF Android builds on the Linux kernel. The issue is insufficient access control for the I2C bus, enabling potential improper access. Public details consistently describe it as a high-severity vulnerability with a CVSSv3 base score of 9.8 (CRITICAL...
CVE-2016-5872
CVE-2016-5872 affects Qualcomm components in Android CAF builds that use the Linux kernel, where arguments to several QTEE syscalls are not properly validated. This could allow a crafted input to impact or compromise the kernel under affected conditions, with the CVSS indicating a high-severity, ...
CVE-2017-8238
CVE-2017-8238 affects Android CAF builds that use the Linux kernel, with a buffer overflow in a camera function. Documented impact indicates high severity (I/H/A) and local exploitability (CVSSv3: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); CVSSv2 references network vector in that scheme. Connected rec...
CVE-2017-8253
CVE-2017-8253 affects Qualcomm components in Android CAF builds using the Linux kernel. The issue can allow kernel memory overwrite when an invalid master is sent from userspace, leading to elevation of privilege within the kernel context. The initial document lists it as a high-severity, EoP-typ...
CVE-2023-21303
CVE-2023-21303 is an information-disclosure flaw affecting Android where an attacker can infer whether an app is installed via a side channel without query permissions. It enables local information leakage with no user interaction and requires only local access. Android 14 release notes indicate ...
CVE-2023-21316
CVE-2023-21316 affects Google Android: an information-disclosure side channel in content that lets an app determine whether another app is installed without query permissions. Local attack with no user interaction; no explicit exploit details or affected versions are provided in the documents. Re...
CVE-2014-9977
CVE-2014-9977 describes a buffer overflow in the PlayReady DRM within Qualcomm closed‑source components used by Android CAF on Linux, enabling potential arbitrary code execution or denial of service as described in linked CNVD/NVD entries. Affected: Qualcomm PlayReady DRM in Android CAF/Linux ker...
CVE-2014-9978
CVE-2014-9978 (and related CNVD-2017-25680) describes a buffer overflow in the QTEE service of Qualcomm closed‑source components used by Android CAF/Linux kernels. The vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service within Qualcomm/Android enviro...
CVE-2015-9021
CVE-2015-9021 describes a security issue where, in all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. The entry lists a MEDIUM overall impact (CVSS2: AV:N/AC:M/Au:N/C:N/I:N/A:P; CVSS3: LOCAL, LOW/L, NONE to partial impacts) and indicates no public...
CVE-2023-21311
CVE-2023-21311 describes an information-disclosure vulnerability in Android Settings where a permissions bypass could let a secondary user control private DNS settings. Exploitation is local (ATT&CK-like, not remote), requires no user interaction, and could disclose private information without ad...
CVE-2015-9049
CVE-2015-9049 is corroborated by connected sources describing an input-validation vulnerability in Qualcomm’s closed‑source components (USIM handling) within Android CAF Linux environments. CNVD-2017-26834 outlines an unauthorized-operations flaw in the Qualcomm Android component causing remote e...
CVE-2023-21341
CVE-2023-21341 concerns Android’s Permission Manager, where a missing permission check can bypass required permissions, enabling local elevation of privilege. The issue is described as a local, low-privilege escalation with no user interaction required. Affected product/area: Android components r...
CVE-2015-0574
CVE-2015-0574 is described in multiple sources as a file system input validation vulnerability in Qualcomm components used in Android CAF builds on the Linux kernel. The root cause is insufficient validation of filesystem access, which could enable an attacker to execute arbitrary code. Concrete ...
CVE-2015-9060
CVE-2015-9060 affects Qualcomm products with CAF Android builds using the Linux kernel. The issue is a pointer validation flaw in a QTEE system call, as described in the CVE description. The connected documents confirm the root cause (improper pointer validation) and the affected context (Qualcom...
CVE-2023-21300
Summary: CVE-2023-21300 affects Android’s PackageManager and arises from a side-channel information disclosure that allows a local attacker to infer whether an app is installed without query permissions. This is described as a local information disclosure with no additional execution privileges r...
CVE-2023-21308
CVE-2023-21308 : In Composer, a missing bounds check allows an out-of-bounds read which could enable local escalation of privilege without user interaction. Exploitation details/affected versions are not disclosed in the provided documents. No patch/remediation information is included here. If ex...
CVE-2015-9038
CVE-2015-9038 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel. Description: a NULL pointer may be dereferenced in the front end, caused by NULL pointer usage in the vulnerable path. Root cause: NULL pointer dereference. Impact: potential crash or denial of s...
CVE-2016-5862
CVE-2016-5862 affects Qualcomm-based Android for MSM codecs; the vulnerability arises when a codec control issued from userspace is cast to the container structure rather than the codec’s own structure. This type confusion can lead to a kernel crash and a subsequent device restart on affected Qua...
CVE-2015-9043
CVE-2015-9043 is described in connected sources as a NULL pointer dereference vulnerability affecting Qualcomm components in Android CAF builds using the Linux kernel. The root cause, as stated, is a NULL pointer dereference on timer expiry, with impact described as high/critical in CVSS terms. T...
CVE-2023-21323
CVE-2023-21323 is an information-disclosure vulnerability in Android's Activity Manager that could let a local attacker determine whether an app is installed without query permissions. The issue stems from a side-channel disclosure, requiring no user interaction and no additional execution privil...
CVE-2023-21345
CVE-2023-21345 is described as an information-disclosure issue in Android’s Game Manager Service where an attacker can determine if an app is installed without query permissions via a side-channel. The available documents indicate local exploitation with no user interaction and a low overall risk...
CVE-2025-21024
Samsung Smart View before Android 16 is affected by CVE-2025-21024 due to the use of implicit intents for sensitive communication, enabling local attackers to access sensitive information through the affected component. The issue is described across multiple sources as a vulnerability in Smart Vi...