mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-21043 | 0.12 | — | 0.01 | KEV | Sep 12, 2025 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code. | ||
| CVE-2025-21042 | 0.12 | — | 0.12 | KEV | Sep 12, 2025 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. | ||
| CVE-2023-21492 | 0.12 | — | 0.03 | KEV | May 4, 2023 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | ||
| CVE-2022-22265 | 0.12 | — | 0.00 | KEV | Jan 7, 2022 | An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | ||
| CVE-2021-25489 | 0.12 | — | 0.01 | KEV | Oct 6, 2021 | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | ||
| CVE-2021-25487 | 0.12 | — | 0.01 | KEV | Oct 6, 2021 | Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. | ||
| CVE-2021-25394 | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. | ||
| CVE-2021-25395 | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. | ||
| CVE-2021-25372 | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. | ||
| CVE-2021-25371 | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. | ||
| CVE-2021-25370 | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. | ||
| CVE-2021-25369 | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. | ||
| CVE-2021-25337 | 0.12 | — | 0.03 | KEV | Mar 4, 2021 | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. | ||
| CVE-2024-49415 | 0.01 | — | 0.01 | Dec 3, 2024 | Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | |||
| CVE-2023-21517 | 0.01 | — | 0.02 | Jun 28, 2023 | Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. | |||
| CVE-2020-12753 | 0.01 | — | 0.02 | May 11, 2020 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020). | |||
| CVE-2026-20992 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. | |||
| CVE-2026-20991 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | |||
| CVE-2026-20990 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. | |||
| CVE-2026-20989 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. |
- risk 0.12cvss —epss 0.01
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
- risk 0.12cvss —epss 0.12
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
- risk 0.12cvss —epss 0.03
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
- risk 0.12cvss —epss 0.00
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
- risk 0.12cvss —epss 0.01
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
- risk 0.12cvss —epss 0.01
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
- risk 0.12cvss —epss 0.00
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
- risk 0.12cvss —epss 0.00
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
- risk 0.12cvss —epss 0.01
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
- risk 0.12cvss —epss 0.01
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
- risk 0.12cvss —epss 0.01
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
- risk 0.12cvss —epss 0.01
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
- risk 0.12cvss —epss 0.03
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
- CVE-2024-49415Dec 3, 2024risk 0.01cvss —epss 0.01
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
- CVE-2023-21517Jun 28, 2023risk 0.01cvss —epss 0.02
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
- CVE-2020-12753May 11, 2020risk 0.01cvss —epss 0.02
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).
- CVE-2026-20992Mar 16, 2026risk 0.00cvss —epss 0.00
Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.
- CVE-2026-20991Mar 16, 2026risk 0.00cvss —epss 0.00
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.
- CVE-2026-20990Mar 16, 2026risk 0.00cvss —epss 0.00
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
- CVE-2026-20989Mar 16, 2026risk 0.00cvss —epss 0.00
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.
Page 1 of 46