Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3918 | 0.03 | — | 0.01 | Oct 7, 2012 | The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application. | |||
| CVE-2008-0985 | 0.03 | — | 0.05 | Mar 6, 2008 | Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width. | |||
| CVE-2008-0986 | 0.03 | — | 0.05 | Mar 6, 2008 | Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | |||
| CVE-2024-0044 | 0.01 | — | 0.01 | Mar 11, 2024 | In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2024-0040 | 0.01 | — | 0.02 | Feb 16, 2024 | In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-21144 | 0.01 | — | 0.01 | Jun 15, 2023 | In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2022-20229 | 0.01 | — | 0.02 | Jul 13, 2022 | In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2022-20145 | 0.01 | — | 0.06 | Jun 15, 2022 | In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is… | |||
| CVE-2022-20130 | 0.01 | — | 0.08 | Jun 15, 2022 | In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2021-0397 | 0.01 | — | 0.06 | Mar 10, 2021 | In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11… | |||
| CVE-2021-0326 | 0.01 | — | 0.05 | Feb 10, 2021 | In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not… | |||
| CVE-2020-0198 | 0.01 | — | 0.04 | Jun 11, 2020 | In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2020-0034 | 0.01 | — | 0.02 | Mar 10, 2020 | In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2019-2205 | 0.01 | — | 0.03 | Nov 13, 2019 | In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2019-9433 | 0.01 | — | 0.03 | Sep 27, 2019 | In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:… | |||
| CVE-2018-9355 | 0.01 | — | 0.03 | Nov 6, 2018 | In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2026-53297 | 0.00 | — | 0.00 | Jun 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL… | |||
| CVE-2026-53283 | 0.00 | — | 0.00 | Jun 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in __rlookup_amd_iommu() iommu_device_register() walks every device on the PCI bus via bus_for_each_dev() and calls amd_iommu_probe_device() for each. The inlined check_device()… | |||
| CVE-2026-53293 | 0.00 | — | 0.00 | Jun 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG There were multiple issues in that code. First of all the order between the reset semaphore and the mm_lock was wrong (e.g. copy_to_user) was called while holding the… | |||
| CVE-2026-53285 | 0.00 | — | 0.00 | Jun 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT,… |
- CVE-2011-3918Oct 7, 2012risk 0.03cvss —epss 0.01
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
- CVE-2008-0985Mar 6, 2008risk 0.03cvss —epss 0.05
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
- CVE-2008-0986Mar 6, 2008risk 0.03cvss —epss 0.05
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
- CVE-2024-0044Mar 11, 2024risk 0.01cvss —epss 0.01
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-0040Feb 16, 2024risk 0.01cvss —epss 0.02
In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21144Jun 15, 2023risk 0.01cvss —epss 0.01
In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for…
- CVE-2022-20229Jul 13, 2022risk 0.01cvss —epss 0.02
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2022-20145Jun 15, 2022risk 0.01cvss —epss 0.06
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is…
- CVE-2022-20130Jun 15, 2022risk 0.01cvss —epss 0.08
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2021-0397Mar 10, 2021risk 0.01cvss —epss 0.06
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…
- CVE-2021-0326Feb 10, 2021risk 0.01cvss —epss 0.05
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not…
- CVE-2020-0198Jun 11, 2020risk 0.01cvss —epss 0.04
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
- CVE-2020-0034Mar 10, 2020risk 0.01cvss —epss 0.02
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for…
- CVE-2019-2205Nov 13, 2019risk 0.01cvss —epss 0.03
In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2019-9433Sep 27, 2019risk 0.01cvss —epss 0.03
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:…
- CVE-2018-9355Nov 6, 2018risk 0.01cvss —epss 0.03
In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2026-53297Jun 27, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL…
- CVE-2026-53283Jun 27, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in __rlookup_amd_iommu() iommu_device_register() walks every device on the PCI bus via bus_for_each_dev() and calls amd_iommu_probe_device() for each. The inlined check_device()…
- CVE-2026-53293Jun 27, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG There were multiple issues in that code. First of all the order between the reset semaphore and the mm_lock was wrong (e.g. copy_to_user) was called while holding the…
- CVE-2026-53285Jun 27, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn32_internal_validate_bw() with DC_FP_START()/DC_FP_END(). In x86 non-RT,…
Page 5 of 89