84 matches found
CVE-2023-20928
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-2548378...
CVE-2022-20456
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2022-20489
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...
CVE-2022-20461
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...
CVE-2023-20904
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidV...
CVE-2023-20919
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...
CVE-2022-20490
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe...
CVE-2023-20916
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...
CVE-2023-20920
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...
CVE-2023-20922
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Androi...
CVE-2022-20494
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 And...
CVE-2023-20905
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatio...
CVE-2022-20493
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 An...
CVE-2023-20912
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pro...
CVE-2023-20915
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-20913
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is nee...
CVE-2022-20492
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...
CVE-2022-20235
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions...
CVE-2022-32636
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064.
CVE-2022-32637
In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374.
CVE-2022-32635
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237.
CVE-2022-44435
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44427
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44431
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44429
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44437
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44425
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44432
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44434
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44438
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44428
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44436
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44426
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44430
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2023-20908
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 An...
CVE-2022-38682
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-32638
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449.
CVE-2023-20924
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2022-32649
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: ALPS07225840.
CVE-2022-38684
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44444
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-38683
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44439
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-32639
In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494487; Issue ID: ALPS07494487.
CVE-2022-32641
In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453594; Issue ID: ALPS07453594.
CVE-2022-44443
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2023-20925
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ker...
CVE-2022-32623
In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342114; Issue ID: ALPS07342114.
CVE-2022-32640
In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441652; Issue ID: ALPS07441652.