Total
575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0701 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21130 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002 | |||||
| CVE-2021-0945 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-42498 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240662453References: N/A | |||||
| CVE-2023-20951 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258652631 | |||||
| CVE-2022-42499 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242001391References: N/A | |||||
| CVE-2021-0877 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| Product: AndroidVersions: Android SoCAndroid ID: A-273754094 | |||||
| CVE-2022-42529 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A | |||||
| CVE-2023-20946 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101 | |||||
| CVE-2022-20472 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579 | |||||
| CVE-2022-20473 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173 | |||||
| CVE-2021-26277 | 2 Google, Vivo | 2 Android, Frame Service | 2023-12-10 | N/A | 9.8 CRITICAL |
| The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | |||||
| CVE-2021-0942 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312 | |||||
| CVE-2022-20390 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002 | |||||
| CVE-2022-20388 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 | |||||
| CVE-2022-20216 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916 | |||||
| CVE-2022-20386 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328 | |||||
| CVE-2022-20239 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | |||||
| CVE-2022-20222 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096 | |||||
| CVE-2022-20402 | 1 Google | 1 Android | 2023-12-10 | N/A | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A | |||||