Android Security Vulnerabilities

CVE-2023-35682

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-35683

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35684

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35687

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35689

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35690

In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35691

there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35692

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35693

In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35694

In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-3781

there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-38436

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38437

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38438

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38439

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38440

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38441

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38442

In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38443

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38444

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38445

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38446

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38447

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38448

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38449

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38450

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38451

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38452

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38453

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38454

In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

CVE-2023-38455

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38456

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38457

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38458

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38459

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38460

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38461

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38462

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38463

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges

CVE-2023-38464

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges

CVE-2023-38465

In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE-2023-38466

In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges

CVE-2023-38467

In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2023-38468

In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

CVE-2023-38553

In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed

CVE-2023-38554

In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check.This could lead to local denial of service with no additional execution privileges

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40074

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40075

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for expl...

CVE-2023-40076

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.