GKI kernels contain broken non-upstream Speculative Page Faults MM code
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.7AI Score
0.0004EPSS
Starting Activity from background via LauncherAppsService#getActivityLaunchIntent
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.8CVSS
7.8AI Score
0.0004EPSS
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.8CVSS
7.8AI Score
0.0005EPSS
: wifi: mac80211: fix MBSSID parsing use-after-free
In ieee802_11_parse_elems_crc of util.c, there is a possible use after free due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
8.8AI Score
0.01EPSS
: wifi: cfg80211: fix BSS refcounting bugs
In multiple functions of scan.c, there is a possible way to inject WLAN frames due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
8.3AI Score
0.0004EPSS
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Task hijacking of apps that set allowTaskReparenting="true"
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Accessibility Service does not list/report all enabled 3rd party a11y services on the device
In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7AI Score
0.0004EPSS
Permanent denial of service via PackageManager#setComponentEnabledSetting
In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.6AI Score
0.0004EPSS
libfdt_fuzzer: Stack-overflow in fdt_path_offset_namelen
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...
4.4CVSS
6.1AI Score
0.0004EPSS
[Continual Calling to addAccountExplicitly Causes Permanent DoS to Android System]
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.4AI Score
0.0004EPSS
[Bluetooth avrcp/avdtp heap overflow] part 2: avdt_msg_asmbl
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.8AI Score
0.001EPSS
AlwaysOnHotwordDetector allows hotword detection without CAPTURE_AUDIO_HOTWORD permission
In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
3.3CVSS
6.7AI Score
0.0004EPSS
InputMethodManager#getInputMethodWindowVisibleHeight() leaks user activity to any app
In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
5CVSS
6.2AI Score
0.0004EPSS
Foreground Activity Started via FullScreenIntent
In handleFullScreenIntent of StatusBarNotificationActivityStarter.java, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.8CVSS
7.1AI Score
0.0004EPSS
SQL Injection in CallLogProvider#query via URI PathSegments
In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.5AI Score
0.0004EPSS
In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
7.8CVSS
7.1AI Score
0.0004EPSS
Malicious APP Causes Device DoS - test
In freeStageDirs PackageInstallerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.6AI Score
0.0004EPSS
Vulnerability: external/expat (size_t)
(from https://nvd.nist.gov/vuln/detail/CVE-2022-25314) In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. In copyString of xmlparse.c, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no...
7.5CVSS
8.8AI Score
0.009EPSS
Linux kernel vulnerability advisory
In fget() of file.c, there is a possible read after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7CVSS
7.7AI Score
0.0004EPSS
4 bytes uninitialized heap memory leak from system_server process to untrusted app
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
WIFI scanning can be modified even restricted by UserManager.DISALLOW_CONFIG_WIFI
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Make bluetooth discoverable via SettingsIntelligence#SliceDeepLinkTrampoline
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.4AI Score
0.001EPSS
[Out of Bounds Write in read_attr_value Function in gatt_db.cc in Bluetooth]
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.8AI Score
0.001EPSS
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.1AI Score
0.0004EPSS
User directories can be left unencrypted due to missing error check
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not....
5.5CVSS
6.2AI Score
0.0004EPSS
7.1AI Score
7.1AI Score
7.1AI Score
7.1AI Score
Lockdown vs. Screen pinning mode
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.2AI Score
0.0004EPSS
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution.....
7.8CVSS
7AI Score
0.0004EPSS
[Mainline Fix] AttributionSource may incorrectly validate the calling uid and pid depending on usage
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7AI Score
EPSS
Bypass of overlay protection in landscape mode
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...
7AI Score
EPSS
[Platform Fix] AttributionSource may incorrectly validate the calling uid and pid depending on usage
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7AI Score
EPSS
Potential DoS attack through shortcut reporting.
In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.6AI Score
EPSS
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.2AI Score
EPSS
Linux Kernel Race Condition leads to UAF in Unix Domain Socket and causes LPE in Android
In unix_stream_sendpage of af_unix.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.3AI Score
0.0004EPSS
Task Hijacking Using startActivityForResults - Phone by Google Example
In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction.....
6.5AI Score
0.0004EPSS
Permanent device denial of service due to a huge amount of scheduled alarms
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.9AI Score
0.0004EPSS
Permanent device denial of service due to improper input validation in AppOpsService
In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.9AI Score
0.0004EPSS
[Out of Bounds Write in internalGetVp8Params in SoftVP8Encoder.cpp in libstagefright_soft_vpxenc]
In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
[Out of Bounds Write in attp_build_value_cmd in libbt-stack]
In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
7.8AI Score
0.0004EPSS
DPC global restriction are lost after reboot on Android 14
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...
6.6AI Score
0.0004EPSS
Start foreground activity from background in ActivityTaskManagerService#startNextMatchingActivity
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.3AI Score
0.0004EPSS
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.4AI Score
0.0004EPSS
[Binder MemoryHeapBase] - Need to SEAL file size on memfd mapped region
In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.6AI Score
0.0004EPSS
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
7.3AI Score
0.0004EPSS