Android
Monthly
In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In audio ipi, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In scp, there is a possible undefined behavior due to incorrect error handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In Car Settings app, the NotificationAccessConfirmationActivity is exported. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In USB driver, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a unauthorized broadcast in the SprdContactsProvider. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. Rated medium severity (CVSS 4.7). No vendor patch available.
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In audio DSP, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In audio DSP, there is a possible memory corruption due to improper casting. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In Autoboot, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In MDP, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In sched driver, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible type confusion due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In GED driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In sound driver, there is a possible information disclosure due to symlink following. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In CCCI, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In CCCI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In CCCI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In GPU, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
The UE and the EMM communicate with each other using NAS messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In audio ipi, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In scp, there is a possible undefined behavior due to incorrect error handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
In Car Settings app, the NotificationAccessConfirmationActivity is exported. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In USB driver, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a unauthorized broadcast in the SprdContactsProvider. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. Rated medium severity (CVSS 4.7). No vendor patch available.
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In audio DSP, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In audio DSP, there is a possible memory corruption due to improper casting. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In Autoboot, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In MDP, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In sched driver, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In TEEI driver, there is a possible type confusion due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In GED driver, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In sound driver, there is a possible information disclosure due to symlink following. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In CCCI, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In CCCI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In CCCI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In GPU, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
The UE and the EMM communicate with each other using NAS messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.