Android
by Google
CVEs (4,717)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21171 | Med | 0.44 | 6.7 | 0.00 | Jun 28, 2023 | In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for… | ||
| CVE-2023-21116 | Med | 0.44 | 6.7 | 0.00 | May 15, 2023 | In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is… | ||
| CVE-2023-21075 | Med | 0.44 | 6.7 | 0.00 | Mar 24, 2023 | In get_svc_hash of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | ||
| CVE-2023-21052 | Med | 0.44 | 6.7 | 0.00 | Mar 24, 2023 | In setToExternal of ril_external_client.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2023-21051 | Med | 0.44 | 6.7 | 0.00 | Mar 24, 2023 | In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2023-21050 | Med | 0.44 | 6.7 | 0.00 | Mar 24, 2023 | In load_png_image of ExynosHWCHelper.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2023-20926 | Med | 0.44 | 6.8 | 0.00 | Mar 24, 2023 | In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional… | ||
| CVE-2023-20924 | Med | 0.44 | 6.8 | 0.00 | Jan 26, 2023 | In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2022-42519 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20581 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android… | ||
| CVE-2022-20578 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20576 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20572 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20564 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20557 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20554 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android… | ||
| CVE-2022-20549 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20546 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | ||
| CVE-2022-20539 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product:… | ||
| CVE-2022-20505 | Med | 0.44 | 6.7 | 0.00 | Dec 16, 2022 | In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions:… |
- risk 0.44cvss 6.7epss 0.00
In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for…
- risk 0.44cvss 6.7epss 0.00
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is…
- risk 0.44cvss 6.7epss 0.00
In get_svc_hash of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- risk 0.44cvss 6.7epss 0.00
In setToExternal of ril_external_client.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.44cvss 6.7epss 0.00
In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.44cvss 6.7epss 0.00
In load_png_image of ExynosHWCHelper.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.44cvss 6.8epss 0.00
In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional…
- risk 0.44cvss 6.8epss 0.00
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for…
- risk 0.44cvss 6.7epss 0.00
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.44cvss 6.7epss 0.00
In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
- risk 0.44cvss 6.7epss 0.00
In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.44cvss 6.7epss 0.00
In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.44cvss 6.7epss 0.00
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.44cvss 6.7epss 0.00
In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.44cvss 6.7epss 0.00
In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.44cvss 6.7epss 0.00
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android…
- risk 0.44cvss 6.7epss 0.00
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.44cvss 6.7epss 0.00
In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- risk 0.44cvss 6.7epss 0.00
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- risk 0.44cvss 6.7epss 0.00
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions:…
Page 140 of 236