Lucene search
K

1555 matches found

CVE
CVE
added 2024/04/05 8:2 p.m.2316 views

CVE-2024-29740

CVE-2024-29740 concerns a vulnerability in the tmu_set_table function of tmu.c that enables an out-of-bounds write due to a missing bounds check. Public descriptions across multiple sources (NVD, Red Hat, CVE lists, Android Pixel bulletin) consistently state this could allow local escalation of p...

7.4CVSS7.1AI score0.00102EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.1456 views

CVE-2021-0920

CVE-2021-0920 is confirmed with concrete details in the connected sources: a race condition in unix_scm_to_skb within af_unix.c can trigger a use-after-free, potentially enabling local privilege escalation on the Android kernel. The vulnerability affects the Linux kernel used in Android (via the ...

6.9CVSS7.1AI score0.00811EPSS
In wild
CVE
CVE
added 2019/10/11 6:16 p.m.1426 views

CVE-2019-2215

CVE-2019-2215 is a use-after-free in the Android binder driver (binder.c) that enables local privilege escalation from an app to the Linux kernel. The issue is local, with no user interaction required, and exploitation may lead to memory corruption, denial of service, or escalation per the cited ...

7.8CVSS7.5AI score0.72105EPSS
In wild
CVE
CVE
added 2022/03/16 2:4 p.m.1211 views

CVE-2021-39793

Summary of CVE-2021-39793 : A vulnerability in the Mali GPU kernel driver (kbase_jd_user_buf_pin_pages in mali_kbase_mem.c) causes an out-of-bounds write due to a logic error. This can enable local privilege escalation with no required user interaction. Affected: Android devices using Mali GPU ke...

7.8CVSS7.7AI score0.00726EPSS
In wild
CVE
CVE
added 2023/03/24 12:0 a.m.1166 views

CVE-2023-21036

The CVE-2023-21036 issue affects Google Pixel devices' Markup tool (BitmapExport.java) where a logic error prevents proper truncation of image data after edits, potentially leaving remnants of the original image in cropped/edited PNGs. Public sources (NVD/NVD entry, CVE lists) describe a local, p...

5.5CVSS5.3AI score0.00499EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.1147 views

CVE-2021-1048

CVE-2021-1048 is a use-after-free in Android's upstream Linux kernel ep_loop_check_proc (eventpoll.c) that can cause memory corruption and local privilege escalation without user interaction. The issue existed in the Android kernel but upstream Linux patched it; Android device patch timing varied...

7.8CVSS7.6AI score0.01047EPSS
In wild
CVE
CVE
added 2020/03/10 7:56 p.m.1140 views

CVE-2020-0041

CVE-2020-0041 affects the Android kernel binder subsystem: in binder_transaction there is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation with no user interaction. The vulnerability is documented across multiple advisories (upstream kernel/UTSA entr...

7.8CVSS7.6AI score0.03246EPSS
In wild
CVE
CVE
added 2020/03/10 7:56 p.m.1130 views

CVE-2020-0069

The CVE-2020-0069 issue affects MediaTek CMDQ driver ioctl handlers in Android kernel, where insufficient input sanitization and missing SELinux restrictions can cause an out-of-bounds write, enabling local privilege escalation without extra privileges or user interaction. Public material confirm...

7.8CVSS7.8AI score0.01299EPSS
In wild
CVE
CVE
added 2024/12/04 11:36 p.m.964 views

CVE-2018-9416

CVE-2018-9416 concerns memory corruption in the Linux kernel SCSI driver, specifically in sg_remove_scat (scsi/sg.c). The root cause is described as an unusual root cause leading to local escalation of privilege with System execution privileges needed; no user interaction required. Connected docu...

10CVSS7AI score0.00165EPSS
CVE
CVE
added 2024/05/07 9:1 p.m.876 views

CVE-2024-0042

Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are listed. Monitor for updates.

7.8CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2025/01/17 11:17 p.m.767 views

CVE-2018-9401

CVE-2018-9401 describes a kernel memory access vulnerability in user space caused by an incorrect bounds check, enabling local privilege escalation without extra execution privileges and with no user interaction. Connected documents indicate this CVE is associated with Google Pixel/Nexus devices ...

7.8CVSS8.7AI score0.00095EPSS
CVE
CVE
added 2019/09/06 9:49 p.m.603 views

CVE-2019-9456

CVE-2019-9456 stems from the Android kernel Pixel C USB monitor driver. The issue is an out-of-bounds write caused by a missing bounds check in the Pixel C USB monitor driver, enabling local escalation of privilege to System with no user interaction required. This is described in the CVE entry as...

6.7CVSS7.3AI score0.00197EPSS
CVE
CVE
added 2024/08/19 4:47 p.m.574 views

CVE-2024-32927

CVE-2024-32927 affects Google's Pixel devices via the RadioExt.cpp function sendDeviceState_1_6, where a use-after-free due to improper locking is reported. The vulnerability enables local escalation of privilege with no additional execution privileges required and no user interaction needed, per...

7.8CVSS7.5AI score0.00082EPSS
CVE
CVE
added 2025/01/17 11:17 p.m.556 views

CVE-2018-9405

CVE-2018-9405 describes a potential out-of-bounds write in BnDmAgent::onTransact (dm_agent.cpp) due to a missing bounds check, enabling local privilege escalation to System level without user interaction. Affected context shown in multiple sources (Android Pixel/Nexus bulletin references and vend...

6.7CVSS8.8AI score0.00103EPSS
CVE
CVE
added 2019/09/06 9:49 p.m.551 views

CVE-2019-9458

CVE-2019-9458 is a Linux kernel video driver use-after-free caused by a race condition, leading to local privilege escalation without user interaction. Multiple connected advisories confirm the issue exists in the Android/Linux kernel/video driver stack and note kernel fixes are needed; no public...

7CVSS7.1AI score0.00171EPSS
CVE
CVE
added 2025/01/17 11:14 p.m.517 views

CVE-2018-9387

CVE-2018-9387 affects the mnh-sm.c component and describes a heap/heap-buffer overflow caused by an integer overflow. The vulnerability enables local escalation of privilege with no additional execution privileges and does not require user interaction. Connected sources (Red Hat, NVD, CVE lists, ...

7.8CVSS9.1AI score0.00103EPSS
CVE
CVE
added 2019/08/14 4:27 p.m.514 views

CVE-2019-9506

CVE-2019-9506 affects Bluetooth KNOB (Key Negotiation of Bluetooth) by allowing nearby attackers to influence encryption key length during BR/EDR negotiation, enabling potential eavesdropping and ciphertext injection. Connected sources show this vulnerability being acknowledged by Apple across iO...

8.1CVSS8.4AI score0.02691EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.497 views

CVE-2018-9568

This CVE-2018-9568 entry concerns the Linux kernel socket code: In sk_clone_lock of sock.c, a memory corruption due to type confusion could allow local privilege escalation without user interaction. Affected product/version in the initial doc is Android kernel; connected MiracleLinux advisory con...

7.8CVSS7.9AI score0.00715EPSS
CVE
CVE
added 2020/12/14 9:50 p.m.489 views

CVE-2020-0466

CVE-2020-0466 is a use-after-free in eventpoll.c (do_epoll_ctl and ep_loop_check_proc) that can enable local privilege escalation without user interaction. Publicly documented in multiple advisories linked to kernel packages (Unity Linux UTSA-2026-004002/004258, MiracleLinux AXSA advisories, Cent...

7.8CVSS8.2AI score0.00268EPSS
CVE
CVE
added 2020/09/17 3:20 p.m.488 views

CVE-2020-0404

CVE-2020-0404 affects the Android kernel via a vulnerability in uvc_scan_chain_forward() in uvc_driver.c, where an unusual root cause can cause linked list corruption and local privilege escalation without user interaction. Upstream kernel reports indicate this is a kernel linked-list corruption ...

5.5CVSS6.4AI score0.00232EPSS
CVE
CVE
added 2019/09/06 9:51 p.m.461 views

CVE-2019-9455

CVE-2019-9455: In the Android kernel video driver, there is a kernel pointer leak caused by a WARN_ON statement, leading to local information disclosure with System execution privileges needed. Local exploitation is possible without user interaction. The connected Nessus advisories corroborate th...

2.3CVSS4.4AI score0.00179EPSS
CVE
CVE
added 2020/09/17 12:0 a.m.439 views

CVE-2020-0427

CVE-2020-0427 is confirmed in the connected documents as an Android kernel issue affecting the pinctrl subsystem (core.c). The vulnerability arises in create_pinctrl, where an out-of-bounds read can occur due to a use-after-free, potentially allowing local information disclosure without extra exe...

5.5CVSS5.8AI score0.00492EPSS
CVE
CVE
added 2025/09/04 5:10 a.m.432 views

CVE-2024-56189

CVE-2024-56189 describes an out-of-bounds read in SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c due to a missing bounds check. The available sources indicate this could allow remote information disclosure after authentication with no additional execution privileges and no user interaction requi...

6.5CVSS5.6AI score0.00253EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.431 views

CVE-2024-49739

CVE-2024-49739 describes an out-of-bounds write in the function MMapVAccess within pmr_os.c, caused by insufficient input validation. This could enable local privilege escalation with no required user interaction. The CVE is reflected across multiple sources (NVD, Red Hat, OSV) and is associated ...

4CVSS6.4AI score0.00102EPSS
CVE
CVE
added 2019/09/06 9:51 p.m.427 views

CVE-2019-9453

CVE-2019-9453 corresponds to an out-of-bounds read in the Android kernel F2FS touch driver, caused by improper input validation. This can enable local information disclosure and could potentially allow system-level privileges; exploitation requires local access with no user interaction. Publicly ...

4.4CVSS4.5AI score0.00179EPSS
CVE
CVE
added 2022/06/15 1:2 p.m.419 views

CVE-2022-20141

CVE-2022-20141 (Android kernel) : In igmp.c, the function ip_check_mc_rcu has a use-after-free due to improper locking, enabling local escalation of privilege when opening/closing inet sockets without extra privileges. This vulnerability is associated with the Android kernel and upstream referenc...

7CVSS7.4AI score0.00141EPSS
CVE
CVE
added 2020/12/14 9:50 p.m.417 views

CVE-2020-0444

CVE-2020-0444 affects the Android kernel. The issue is in audit_free_lsm_field in auditfilter.c, caused by a logic error in audit_data_to_entry that may allow local escalation of privilege with no extra privileges or user interaction. The connected Nessus advisories (Unity Linux UTSA-2026-004184/...

7.8CVSS8AI score0.00213EPSS
CVE
CVE
added 2024/11/19 1:30 a.m.411 views

CVE-2024-50302

CVE-2024-50302 affects the Linux kernel HID core by leaving the HID report buffer potentially uninitialized, enabling possible memory leakage via crafted reports. The fixed behavior is to zero-initialize the report buffer at allocation time. Public advisories (including AstraLinux and AlmaLinux f...

5.5CVSS6.6AI score0.00809EPSS
In wild
CVE
CVE
added 2023/08/14 8:59 p.m.404 views

CVE-2023-21264

CVE-2023-21264 affects the Linux kernel (ARM64 KVM) where a memory access check in mem_protect.c can permit access to hypervisor memory due to the check being in the wrong place. The result is local elevation of privilege to System execution level, with exploitation not requiring user interaction...

6.7CVSS6.9AI score0.00151EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.382 views

CVE-2021-0512

CVE-2021-0512 is a Linux kernel/Android-hid input issue: out-of-bounds write caused by a heap buffer overflow in __hidinput_change_resolution_multipliers of hid-input.c, enabling local privilege escalation with no user interaction. Affected: Android kernel HID input path; exploitation described a...

7.8CVSS7.8AI score0.00282EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.371 views

CVE-2023-20938

CVE-2023-20938 affects the Android kernel via binder_transaction_buffer_release in binder.c, causing a use-after-free due to improper input validation. This can enable local privilege escalation with no extra execution privileges required and without user interaction; the advisory consistently no...

8.1CVSS7.5AI score0.00332EPSS
CVE
CVE
added 2020/12/14 9:51 p.m.369 views

CVE-2020-0465

CVE-2020-0465 refers to the Android kernel HID multitouch vulnerability. In hid-multitouch.c, there is an out-of-bounds write due to a missing bounds check, which could enable local privilege escalation with no additional privileges and no user interaction required. The description confirms affec...

7.2CVSS7.6AI score0.00268EPSS
CVE
CVE
added 2023/07/12 11:53 p.m.365 views

CVE-2023-21400

CVE-2023-21400 affects the Linux kernel io_uring subsystem, specifically in multiple functions within io_uring.c where improper locking on rings with IOPOLL can cause kernel memory corruption. This memory corruption could enable local privilege escalation to kernel System execution privileges wit...

6.7CVSS7.1AI score0.00258EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.345 views

CVE-2024-32896

The CVE-2024-32896 issue is a local Elevation of Privilege (EoP) in the Android Framework affecting Pixel devices, caused by a logic error that could enable privilege escalation with no extra execution privileges. Exploitation requires user interaction per the description, with the Android bullet...

8.1CVSS6.8AI score0.0301EPSS
In wild
CVE
CVE
added 2023/05/15 12:0 a.m.318 views

CVE-2023-21102

CVE-2023-21102 is a local EoP vulnerability in the Android kernel related to a bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S. The issue enables local privilege escalation without user interaction, as documented in upstream kernel and Android May 2023 bulletin entri...

7.8CVSS7.4AI score0.00189EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.304 views

CVE-2023-20928

CVE-2023-20928 : A use-after-free in binder_vma_close of binder.c enables local privilege escalation due to improper locking. Exploitation requires no user interaction; impact is described as local escalation of privilege with high severity. Affected reference material cites upstream kernel chang...

7.8CVSS7.4AI score0.0018EPSS
CVE
CVE
added 2020/10/14 1:7 p.m.303 views

CVE-2020-0423

CVE-2020-0423 is a use-after-free in the Android/Linux binder driver (binder_release_work in binder.c) caused by improper locking. It enables local privilege escalation with no extra user interaction required. The description appears consistently across multiple connected sources (e.g., Astra Lin...

7.8CVSS7.4AI score0.00507EPSS
CVE
CVE
added 2019/09/06 9:44 p.m.301 views

CVE-2019-2182

CVE-2019-2182 is an Android/Linux kernel vulnerability in the MMU/arm64 memory management path. The issue is a race condition that can leave kernel text and rodata pages writable, enabling local privilege escalation without user interaction. The description in connected advisories confirms the ro...

7.8CVSS7.5AI score0.00217EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.297 views

CVE-2024-29745

CVE-2024-29745 affects Google Pixel devices in the bootloader component, with an information-disclosure flaw caused by uninitialized data. The NVD entry describes local information disclosure without extra privileges or user interaction. The Pixel Update Bulletin notes this vulnerability as poten...

5.5CVSS7.5AI score0.00482EPSS
In wild
CVE
CVE
added 2019/09/06 9:48 p.m.296 views

CVE-2019-9448

CVE-2019-9448 affects the Android kernel FingerTipS touchscreen driver. It is an out-of-bounds write due to a missing bounds check, enabling local escalation of privilege to System, with no user interaction required. The Pixel update bulletin indicates this issue is addressed by patches in 2019-0...

6.7CVSS6.7AI score0.00186EPSS
CVE
CVE
added 2019/09/06 9:50 p.m.294 views

CVE-2019-9449

The CVE-2019-9449 entry affects the Android kernel FingerTipS touchscreen driver. It describes a possible out-of-bounds read caused by a missing bounds check, leading to local information disclosure with system execution privileges required. No user interaction is needed for exploitation, and exp...

4.4CVSS4.3AI score0.00184EPSS
CVE
CVE
added 2019/09/06 9:47 p.m.293 views

CVE-2019-9447

CVE-2019-9447 affects the Android kernel FingerTipS touchscreen driver. The root cause is a use-after-free due to improper locking in the touch driver, enabling local escalation of privilege with System execution privileges required; exploitation does not require user interaction. Public referenc...

6.7CVSS6.7AI score0.00147EPSS
CVE
CVE
added 2019/09/06 9:48 p.m.292 views

CVE-2019-9454

CVE-2019-9454 affects the Android kernel, specifically the i2c driver, where an out-of-bounds write could corrupt memory. This leads to local escalation of privilege with SYSTEM execution privileges required; no user interaction is needed for exploitation. Public references describe the vulnerabi...

6.7CVSS6.8AI score0.00182EPSS
CVE
CVE
added 2019/09/06 9:48 p.m.290 views

CVE-2019-9450

The CVE-2019-9450 issue affects the Android kernel FingerTipS touchscreen driver. The vulnerability is a memory corruption caused by a race condition in the touch driver, enabling local escalation of privilege with System execution privileges required; exploitation does not require user interacti...

6.4CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2019/09/06 9:46 p.m.289 views

CVE-2019-9275

In the Android kernel, the MNH driver contains a use-after-free caused by improper locking, enabling local escalation of privilege to the System level with no user interaction required. The issue is officially documented as CVE-2019-9275 and is listed in the Pixel 2019-09-01 bulletin as a Moderat...

7.5CVSS6.8AI score0.00402EPSS
CVE
CVE
added 2019/09/06 9:47 p.m.289 views

CVE-2019-9442

CVE-2019-9442 affects the Android kernel MNH driver. The issue is memory corruption due to a use-after-free, enabling local elevation of privilege with System privileges required. User interaction is not needed for exploitation. The vulnerability is documented across multiple sources (NVD, RH, CN...

6.7CVSS6.7AI score0.00144EPSS
CVE
CVE
added 2022/05/10 7:56 p.m.289 views

CVE-2022-20008

CVE-2022-20008 affects the Android kernel via mmc_blk_read_single in block.c, where uninitialized data can allow reading kernel heap memory. This enables local information disclosure when reading from an SD card that triggers errors, with no additional privileges and no user interaction required....

4.6CVSS5AI score0.00361EPSS
CVE
CVE
added 2019/09/06 9:42 p.m.286 views

CVE-2019-9426

CVE-2019-9426 affects the Android kernel Bluetooth, where a missing bounds check can cause an out-of-bounds write. This vulnerability can enable local escalation of privilege to System level without user interaction. The issue is documented across multiple sources (Android/Bluetooth context, Red ...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2019/09/06 9:50 p.m.286 views

CVE-2019-9445

The CVE-2019-9445 entry describes a flaw in the Android kernel F2FS driver: an out-of-bounds read due to a missing bounds check, enabling local information disclosure with kernel privileges and no user interaction required. Connected Nessus advisories and Debian/Unity Linux advisories confirm the...

4.4CVSS4.9AI score0.0027EPSS
CVE
CVE
added 2020/09/17 6:45 p.m.282 views

CVE-2020-0431

CVE-2020-0431 refers to an out-of-bounds write in the kernel’s keyboard.c function kbd_keycode, caused by a missing bounds check. The vulnerability could enable local privilege escalation without user interaction. Public connected advisories ( MiracleLinux AXSA:2021-2148:12 and Unity Linux UTSA-2...

6.7CVSS7AI score0.00223EPSS
Total number of security vulnerabilities1555