Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2424 | | Med | 0.36 | 5.5 | 0.00 | | Apr 18, 2016 | server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted… |
| CVE-2016-0831 | | Med | 0.36 | 5.5 | 0.00 | | Mar 12, 2016 | The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted… |
| CVE-2026-53221 | | mod | 0.29 | 5.5 | 0.01 | | Jun 25, 2026 | kernel: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() |
| CVE-2026-53219 | | mod | 0.29 | 5.5 | 0.00 | | Jun 25, 2026 | kernel: netfilter: x_tables: avoid leaking percpu counter pointers |
| CVE-2026-52927 | | mod | 0.29 | 5.5 | 0.00 | | Jun 24, 2026 | kernel: netfilter: ebtables: fix OOB read in compat_mtw_from_user |
| CVE-2026-53125 | | low | 0.29 | 5.5 | 0.00 | | Jun 24, 2026 | kernel: md: fix array_state=clear sysfs deadlock |
| CVE-2026-52915 | | mod | 0.29 | 5.5 | 0.00 | | Jun 24, 2026 | kernel: netfilter: ip6t_hbh: reject oversized option lists |
| CVE-2026-52925 | | mod | 0.29 | 5.5 | 0.00 | | Jun 24, 2026 | kernel: vrf: Fix a potential NPD when removing a port from a VRF |
| CVE-2026-46261 | | Med | 0.29 | 5.5 | 0.00 | | Jun 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which would cause a crash when passed the pointer to resource_size(). Move the… |
| CVE-2026-46256 | | Med | 0.29 | 5.5 | 0.00 | | Jun 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are… |
| CVE-2025-71313 | | Med | 0.29 | 5.5 | 0.00 | | Jun 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when… |
| CVE-2016-0821 | | Med | 0.29 | 5.5 | 0.00 | | Mar 12, 2016 | The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection… |
| CVE-2026-46272 | | Med | 0.24 | 4.7 | 0.00 | | Jun 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggered sometimes: WARNING: CPU: 42 PID:… |
| CVE-2026-0050 | | Low | 0.21 | 3.3 | 0.00 | | Jun 1, 2026 | In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2023-21237 | | | 0.12 | — | 0.00 | KEV | Jun 28, 2023 | In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… |
| CVE-2023-20963 | | | 0.12 | — | 0.01 | KEV | Mar 24, 2023 | In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-12 Android-12L Android-13 Android ID:… |
| CVE-2019-2107 | | | 0.06 | — | 0.09 | | Jul 8, 2019 | In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… |
| CVE-2019-1999 | | | 0.03 | — | 0.01 | | Feb 28, 2019 | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… |
| CVE-2019-2000 | | | 0.03 | — | 0.01 | | Feb 28, 2019 | In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android… |
| CVE-2018-9488 | | | 0.03 | — | 0.00 | | Nov 6, 2018 | In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0… |