Android
Monthly
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In gallery3d and photos, there is a possible permission bypass due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use after free bug. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.0). No vendor patch available.
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In power service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In ccu, there is a possible memory corruption due to a double free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In gallery3d and photos, there is a possible permission bypass due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use after free bug. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In TBD of TBD, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.0). No vendor patch available.
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In power service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In ccu, there is a possible memory corruption due to a double free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.