Android
CVEs (43)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21031 | Hig | 0.51 | 7.8 | 0.00 | Jun 5, 2026 | Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability. | ||
| CVE-2026-21030 | Hig | 0.51 | 7.8 | 0.00 | Jun 5, 2026 | Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. | ||
| CVE-2026-21029 | Hig | 0.51 | 7.8 | 0.00 | Jun 5, 2026 | Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations. | ||
| CVE-2026-21020 | Hig | 0.51 | 7.8 | 0.00 | May 13, 2026 | Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions. | ||
| CVE-2016-4038 | Hig | 0.51 | 7.8 | 0.00 | Feb 1, 2017 | Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have… | ||
| CVE-2015-7891 | Hig | 0.49 | 7.0 | 0.01 | Aug 2, 2017 | Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | ||
| CVE-2016-4547 | Hig | 0.49 | 7.5 | 0.01 | Feb 13, 2017 | Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. | ||
| CVE-2026-21021 | Med | 0.44 | 6.8 | 0.00 | May 13, 2026 | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | ||
| CVE-2026-21018 | Med | 0.44 | 6.7 | 0.00 | May 13, 2026 | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. | ||
| CVE-2026-21011 | Med | 0.44 | 6.8 | 0.00 | Apr 13, 2026 | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. | ||
| CVE-2026-21009 | Med | 0.44 | 6.8 | 0.00 | Apr 13, 2026 | Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning. | ||
| CVE-2026-21007 | Med | 0.44 | 6.8 | 0.00 | Apr 13, 2026 | Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. | ||
| CVE-2026-21003 | Med | 0.44 | 6.8 | 0.00 | Apr 13, 2026 | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. | ||
| CVE-2026-21010 | Med | 0.43 | 6.6 | 0.00 | Apr 13, 2026 | Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions. | ||
| CVE-2026-21008 | Med | 0.42 | 6.5 | 0.00 | Apr 13, 2026 | Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information. | ||
| CVE-2026-21028 | Med | 0.36 | 5.5 | 0.00 | Jun 5, 2026 | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | ||
| CVE-2026-21026 | Med | 0.36 | 5.5 | 0.00 | Jun 5, 2026 | Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. | ||
| CVE-2026-21025 | Med | 0.36 | 5.5 | 0.00 | Jun 5, 2026 | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | ||
| CVE-2026-21017 | Med | 0.36 | 5.5 | 0.00 | Jun 5, 2026 | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. | ||
| CVE-2026-21022 | Med | 0.36 | 5.5 | 0.00 | May 13, 2026 | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. |
- risk 0.51cvss 7.8epss 0.00
Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
- risk 0.51cvss 7.8epss 0.00
Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
- risk 0.51cvss 7.8epss 0.00
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
- risk 0.51cvss 7.8epss 0.00
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
- risk 0.51cvss 7.8epss 0.00
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have…
- risk 0.49cvss 7.0epss 0.01
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
- risk 0.49cvss 7.5epss 0.01
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.
- risk 0.44cvss 6.8epss 0.00
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
- risk 0.44cvss 6.7epss 0.00
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
- risk 0.44cvss 6.8epss 0.00
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.
- risk 0.44cvss 6.8epss 0.00
Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning.
- risk 0.44cvss 6.8epss 0.00
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.
- risk 0.44cvss 6.8epss 0.00
Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions.
- risk 0.43cvss 6.6epss 0.00
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
- risk 0.42cvss 6.5epss 0.00
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.
- risk 0.36cvss 5.5epss 0.00
Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
- risk 0.36cvss 5.5epss 0.00
Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
- risk 0.36cvss 5.5epss 0.00
Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
- risk 0.36cvss 5.5epss 0.00
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
- risk 0.36cvss 5.5epss 0.00
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
Page 1 of 3