Search
Total
547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21218 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21215 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21263 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21166 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35690 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21163 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21401 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21228 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40082 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40078 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21216 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21402 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21164 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21162 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21403 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21217 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-48423 | 1 Google | 1 Android | 2023-12-13 | N/A | 9.8 CRITICAL |
| In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-42536 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Remote code execution | |||||
| CVE-2022-42537 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Remote code execution | |||||
| CVE-2022-42538 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Elevation of privilege | |||||
| CVE-2022-42540 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Elevation of privilege | |||||
| CVE-2022-42541 | 1 Google | 1 Android | 2023-12-05 | N/A | 9.8 CRITICAL |
| Remote code execution | |||||
| CVE-2023-21242 | 1 Google | 1 Android | 2023-08-24 | N/A | 9.8 CRITICAL |
| In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20965 | 1 Google | 1 Android | 2023-08-24 | N/A | 9.8 CRITICAL |
| In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21287 | 1 Google | 1 Android | 2023-08-21 | N/A | 9.8 CRITICAL |
| In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2021-39708 | 1 Google | 1 Android | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206128341 | |||||
| CVE-2021-39623 | 1 Google | 1 Android | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348 | |||||
| CVE-2022-20237 | 1 Google | 1 Android | 2023-08-08 | N/A | 9.8 CRITICAL |
| In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229621649References: N/A | |||||
| CVE-2022-20130 | 1 Google | 1 Android | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979 | |||||
| CVE-2022-20385 | 1 Google | 1 Android | 2023-08-08 | N/A | 9.8 CRITICAL |
| a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819 | |||||
| CVE-2022-26447 | 3 Google, Mediatek, Yoctoproject | 27 Android, Mt6580, Mt6735 and 24 more | 2023-08-08 | N/A | 9.8 CRITICAL |
| In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478. | |||||
| CVE-2022-20229 | 1 Google | 1 Android | 2022-07-26 | 10.0 HIGH | 9.8 CRITICAL |
| In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224536184 | |||||
| CVE-2022-20238 | 1 Google | 1 Android | 2022-07-26 | 10.0 HIGH | 9.8 CRITICAL |
| 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555 | |||||
| CVE-2022-20222 | 1 Google | 1 Android | 2022-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096 | |||||
| CVE-2021-39658 | 1 Google | 1 Android | 2022-07-22 | 10.0 HIGH | 9.8 CRITICAL |
| ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207 | |||||
| CVE-2021-39635 | 1 Google | 1 Android | 2022-07-22 | 9.4 HIGH | 9.1 CRITICAL |
| ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify the caller's permissions?so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions: Android SoCAndroid ID: A-206492634 | |||||
| CVE-2022-20216 | 1 Google | 1 Android | 2022-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916 | |||||
| CVE-2021-39645 | 1 Google | 1 Android | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A | |||||
| CVE-2021-39641 | 1 Google | 1 Android | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A | |||||
| CVE-2021-39655 | 1 Google | 1 Android | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A | |||||
| CVE-2021-39644 | 1 Google | 1 Android | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A | |||||
| CVE-2021-39713 | 1 Google | 1 Android | 2022-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel | |||||
| CVE-2022-28605 | 3 Apple, Google, Linkplay | 3 Iphone Os, Android, Sound Bar | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory | |||||
| CVE-2022-20145 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636 | |||||
| CVE-2022-20210 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS or RCE.Product: AndroidVersions: Android SoCAndroid ID: A-228868888 | |||||
| CVE-2022-20191 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A | |||||
| CVE-2022-20171 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A | |||||
| CVE-2022-20170 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A | |||||
| CVE-2022-20173 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A | |||||
| CVE-2022-20167 | 1 Google | 1 Android | 2022-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A | |||||