Google Android Mobile operating system

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack

CVE-2021-0583 7.3 - High - October 11, 2021

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956

Improper Privilege Management

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1

CVE-2021-25474 4.4 - Medium - October 06, 2021

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

Improper Handling of Exceptional Conditions

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1

CVE-2021-25473 4.4 - Medium - October 06, 2021

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

Improper Handling of Exceptional Conditions

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1

CVE-2021-25490 6 - Medium - October 06, 2021

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1

CVE-2021-25486 3.3 - Low - October 06, 2021

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1

CVE-2021-25485 8 - High - October 06, 2021

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.

Directory traversal

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1

CVE-2021-25484 3.3 - Low - October 06, 2021

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.

authentification

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1

CVE-2021-25483 6.5 - Medium - October 06, 2021

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

Out-of-bounds Read

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1

CVE-2021-25482 4.4 - Medium - October 06, 2021

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

SQL Injection

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1

CVE-2021-25472 3.3 - Low - October 06, 2021

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.

AuthZ

In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free

CVE-2021-0695 5.5 - Medium - October 06, 2021

In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-184018316References: Upstream kernel

Dangling pointer

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps

CVE-2021-0693 5.5 - Medium - October 06, 2021

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184046948

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent

CVE-2021-0692 7.8 - High - October 06, 2021

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-179289753

Improper Privilege Management

In the SELinux policy configured in system_app.te

CVE-2021-0691 6.7 - Medium - October 06, 2021

In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-188554048

Improper Privilege Management

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0690 6.5 - Medium - October 06, 2021

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-182152757

Memory Corruption

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0689 5.5 - Medium - October 06, 2021

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-190188264

Out-of-bounds Read

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition

CVE-2021-0688 7 - High - October 06, 2021

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-161149543

Race Condition

In ellipsize of Layout.java, there is a possible ANR due to improper input validation

CVE-2021-0687 5 - Medium - October 06, 2021

In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-188913943

Improper Input Validation

In getDefaultSmsPackage of RoleManagerService.java

CVE-2021-0686 5.5 - Medium - October 06, 2021

In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831

AuthZ

In ParsedIntentInfo of ParsedIntentInfo.java

CVE-2021-0685 7.8 - High - October 06, 2021

In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191055353

Marshaling, Unmarshaling

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free

CVE-2021-0684 7.8 - High - October 06, 2021

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665

Dangling pointer

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy

CVE-2021-0683 7.8 - High - October 06, 2021

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-185398942

In sendAccessibilityEvent of NotificationManagerService.java

CVE-2021-0682 5.5 - Medium - October 06, 2021

In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555

AuthZ

In system properties, there is a possible information disclosure due to a missing permission check

CVE-2021-0681 5.5 - Medium - October 06, 2021

In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535337

AuthZ

In system properties, there is a possible information disclosure due to a missing permission check

CVE-2021-0680 5.5 - Medium - October 06, 2021

In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535676

AuthZ

In conditionallyRemoveIdentifiers of SubscriptionController.java

CVE-2021-0644 5.5 - Medium - October 06, 2021

In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-181053462

AuthZ

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows

CVE-2021-0636 7.8 - High - October 06, 2021

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion: Android-10Android ID: A-189392423

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows

CVE-2021-0635 7.8 - High - October 06, 2021

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion:Android-10Android ID: A-189402477

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack

CVE-2021-0598 7.3 - High - October 06, 2021

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180422108

Improper Privilege Management

In lockAllProfileTasks of RootWindowContainer.java

CVE-2021-0595 7.8 - High - October 06, 2021

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096

Improper Privilege Management

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0869 9.8 - Critical - September 21, 2021

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A

Memory Corruption

Improper access control vulnerability in PENUP prior to version 3.8.00.18

CVE-2021-25463 3.3 - Low - September 09, 2021

Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1

CVE-2021-25462 5.5 - Medium - September 09, 2021

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

NULL Pointer Dereference

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

CVE-2021-25461 7.8 - High - September 09, 2021

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

Classic Buffer Overflow

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1

CVE-2021-25460 5.5 - Medium - September 09, 2021

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1

CVE-2021-25459 5.5 - Medium - September 09, 2021

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

Files or Directories Accessible to External Parties

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1

CVE-2021-25458 5.5 - Medium - September 09, 2021

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

NULL Pointer Dereference

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25456 5.5 - Medium - September 09, 2021

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

Out-of-bounds Read

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25455 3.3 - Low - September 09, 2021

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

Out-of-bounds Read

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25454 5.5 - Medium - September 09, 2021

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

Out-of-bounds Read

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1

CVE-2021-25453 5.5 - Medium - September 09, 2021

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

Improper Input Validation

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1

CVE-2021-25451 3.3 - Low - September 09, 2021

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

authentification

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1

CVE-2021-25450 6.5 - Medium - September 09, 2021

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

Directory traversal

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1

CVE-2021-25449 9.8 - Critical - September 09, 2021

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

Improper Input Validation

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check

CVE-2021-0408 5.5 - Medium - August 18, 2021

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220.

Out-of-bounds Read

In clk driver, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0407 6.7 - Medium - August 18, 2021

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.

Memory Corruption

In memory management driver, there is a possible system crash due to a missing bounds check

CVE-2021-0420 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.

Buffer Overflow

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0419 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.

Improper Input Validation

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0418 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.

Improper Input Validation

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0417 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

Improper Input Validation

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0416 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.

Improper Input Validation

In memory management driver, there is a possible information disclosure due to a missing permission check

CVE-2021-0415 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692.

AuthZ

In OMA DRM, there is a possible memory corruption due to improper input validation

CVE-2021-0628 6.7 - Medium - August 18, 2021

In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.

Improper Input Validation

In OMA DRM, there is a possible memory corruption due to an integer overflow

CVE-2021-0627 6.7 - Medium - August 18, 2021

In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.

Integer Overflow or Wraparound

In ged, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0626 6.7 - Medium - August 18, 2021

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.

Memory Corruption

In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0519 7.8 - High - August 17, 2021

In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-176533109

Memory Corruption

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass

CVE-2021-0645 7.8 - High - August 17, 2021

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320644

Improper Privilege Management

In onResume of VoicemailSettingsFragment.java

CVE-2021-0642 5.5 - Medium - August 17, 2021

In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149

AuthZ

In getAvailableSubscriptionInfoList of SubscriptionController.java

CVE-2021-0641 5.5 - Medium - August 17, 2021

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454

AuthZ

In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0640 7.8 - High - August 17, 2021

In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-187957589

Memory Corruption

In multiple functions of libl3oemcrypto.cpp

CVE-2021-0639 5.5 - Medium - August 17, 2021

In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551

Insecure Storage of Sensitive Information

In sendDevicePickedIntent of DevicePickerFragment.java

CVE-2021-0593 7.8 - High - August 17, 2021

In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179386068

Externally Controlled Reference to a Resource in Another Sphere

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java

CVE-2021-0591 7.3 - High - August 17, 2021

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179386960

Externally Controlled Reference to a Resource in Another Sphere

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation

CVE-2021-0584 5.5 - Medium - August 17, 2021

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-179289794

Out-of-bounds Read

In wifi driver, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0582 6.5 - Medium - August 17, 2021

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187149601

Out-of-bounds Read

In wifi driver, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0581 6.5 - Medium - August 17, 2021

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231638

Out-of-bounds Read

In wifi driver, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0580 6.5 - Medium - August 17, 2021

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231637

Out-of-bounds Read

In wifi driver, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0579 6.5 - Medium - August 17, 2021

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231636

Out-of-bounds Read

In wifi driver, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0578 6.5 - Medium - August 17, 2021

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161772

Out-of-bounds Read

In flv extractor, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0576 7.8 - High - August 17, 2021

In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187236084

Memory Corruption

In asf extractor, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0574 7.8 - High - August 17, 2021

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187234876

Memory Corruption

In asf extractor, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0573 7.8 - High - August 17, 2021

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231635

Memory Corruption

In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation

CVE-2021-0646 7.8 - High - August 17, 2021

In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-153352319

Improper Input Validation

An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883

CVE-2021-38591 3.3 - Low - August 12, 2021

An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1

CVE-2021-25444 5.5 - Medium - August 05, 2021

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1

CVE-2021-25443 5.3 - Medium - August 05, 2021

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.

Dangling pointer

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java

CVE-2021-0602 7.8 - High - July 14, 2021

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895

Improper Privilege Management

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free

CVE-2021-0601 5.5 - Medium - July 14, 2021

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802

Memory Corruption

In onCreate of DeviceAdminAdd.java

CVE-2021-0600 7.8 - High - July 14, 2021

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963

Improper Input Validation

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier

CVE-2021-0599 5.5 - Medium - July 14, 2021

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289

Externally Controlled Reference to a Resource in Another Sphere

In notifyProfileAdded and notifyProfileRemoved of SipService.java

CVE-2021-0597 5.5 - Medium - July 14, 2021

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502

AuthZ

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass

CVE-2021-0486 7.8 - High - July 14, 2021

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-171430330

Incorrect Default Permissions

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI

CVE-2021-0441 7.3 - High - July 14, 2021

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174495520

Incorrect Default Permissions

In generateFileInfo of BluetoothOppSendFileInfo.java

CVE-2021-0604 5.5 - Medium - July 14, 2021

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660

In onCreate of ContactSelectionActivity.java

CVE-2021-0603 7.8 - High - July 14, 2021

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-182809425

Incorrect Default Permissions

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free

CVE-2021-0587 7.8 - High - July 14, 2021

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185259758

Memory Corruption

In onCreate of DevicePickerFragment.java

CVE-2021-0586 7.8 - High - July 14, 2021

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-182584940

Clickjacking

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation

CVE-2021-0585 6.7 - Medium - July 14, 2021

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-184963385

Memory Corruption

In several functions of the V8 library, there is a possible use after free due to a race condition

CVE-2021-0514 8.1 - High - July 14, 2021

In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069

Race Condition

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0596 7.5 - High - July 14, 2021

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550

Out-of-bounds Read

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation

CVE-2021-0594 8 - High - July 14, 2021

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224

Improper Input Validation

In various functions in WideVine, there are possible out of bounds writes due to improper input validation

CVE-2021-0592 8.8 - High - July 14, 2021

In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-188061006

Memory Corruption

In sendNetworkConditionsBroadcast of NetworkMonitor.java

CVE-2021-0590 4.4 - Medium - July 14, 2021

In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041

Incorrect Default Permissions

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0589 7.8 - High - July 14, 2021

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982

Memory Corruption

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check

CVE-2021-0588 5.5 - Medium - July 14, 2021

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342

Incorrect Default Permissions

In flv extractor, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0577 7.8 - High - July 14, 2021

In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161771

Memory Corruption

In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java

CVE-2021-0518 5.5 - Medium - July 14, 2021

In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176541017

Information Disclosure

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0515 9.8 - Critical - July 14, 2021

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063

Memory Corruption

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent

CVE-2020-0417 7.8 - High - July 14, 2021

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-154319182

Improper Privilege Management

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check

CVE-2021-0654 5.5 - Medium - July 14, 2021

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168802517References: N/A

Incorrect Default Permissions