CVE-2022-48389

In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

CVE-2023-30915

In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2023-30916

In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

CVE-2019-2064

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116469592

CVE-2019-2084

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117494734

CVE-2019-2087

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118149009

CVE-2019-2146

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112859714

CVE-2019-2148

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113508105

CVE-2019-2149

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113262406

CVE-2019-2154

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610057

CVE-2019-2155

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117655547

CVE-2019-2156

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112552816

CVE-2019-9318

In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111764725

CVE-2019-9348

In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128431761

CVE-2020-0120

In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andr...

CVE-2020-0144

In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

CVE-2020-0172

In Parse_art of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127312550

CVE-2020-0185

In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10And...

CVE-2020-0186

In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-14614446...

CVE-2020-10842

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020).

CVE-2020-10851

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020).

CVE-2021-0407

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.

CVE-2021-0425

In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059.

CVE-2021-0612

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834.

CVE-2021-0621

In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383.

CVE-2021-0660

In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145.

CVE-2021-1038

In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-1...

CVE-2021-25383

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

CVE-2021-25407

A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.

CVE-2021-25412

An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.

CVE-2021-25475

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

CVE-2021-25484

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.

CVE-2021-25517

An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.

CVE-2022-33700

Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

CVE-2022-39090

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

CVE-2022-39113

In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.

CVE-2022-47494

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

CVE-2023-30866

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2023-30919

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2023-30923

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2019-20536

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).

CVE-2019-2076

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115907334

CVE-2019-2147

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116474108

CVE-2019-2161

In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112553431

CVE-2019-2163

In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118138797

CVE-2019-2168

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492594

CVE-2019-2171

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113035086

CVE-2019-2189

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112312381

CVE-2019-9317

In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258

CVE-2019-9342

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214470