Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Android
Total 575 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-48423 1 Google 1 Android 2024-03-12 N/A 9.8 CRITICAL
In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40082 1 Google 1 Android 2024-02-15 N/A 9.8 CRITICAL
In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-20011 2 Google, Mediatek 18 Android, Mt6985, Mt8127 and 15 more 2024-02-09 N/A 9.8 CRITICAL
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
CVE-2023-40078 1 Google 1 Android 2024-02-02 N/A 9.8 CRITICAL
In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2016-2496 1 Google 1 Android 2024-01-26 10.0 HIGH 9.8 CRITICAL
The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796.
CVE-2023-35690 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21403 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21402 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21401 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21263 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21228 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21218 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21217 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21216 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21215 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21166 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21164 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21163 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21162 1 Google 1 Android 2023-12-22 N/A 9.8 CRITICAL
In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2022-42537 1 Google 1 Android 2023-12-10 N/A 9.8 CRITICAL
Remote code execution