Google Android Mobile operating system

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1

CVE-2021-25382 5.5 - Medium - April 23, 2021

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

AuthZ

In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0488 6.7 - Medium - April 15, 2021

In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781

Memory Corruption

In several functions of InputDispatcher.cpp

CVE-2021-0438 7.8 - High - April 13, 2021

In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-152064592

Improper Privilege Management

In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp

CVE-2021-0439 7.8 - High - April 13, 2021

In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174243830

Memory Corruption

In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free

CVE-2021-0442 7.8 - High - April 13, 2021

In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174768985

Dangling pointer

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition

CVE-2021-0443 4.7 - Medium - April 13, 2021

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-170474245

Race Condition

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java

CVE-2021-0400 5.5 - Medium - April 13, 2021

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690

In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0426 7.8 - High - April 13, 2021

In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174485572

Memory Corruption

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0427 7.8 - High - April 13, 2021

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174488848

Memory Corruption

In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check

CVE-2021-0428 5.5 - Medium - April 13, 2021

In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173421434

Incorrect Default Permissions

In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free

CVE-2021-0429 7.8 - High - April 13, 2021

In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139

Dangling pointer

In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0430 9.8 - Critical - April 13, 2021

In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766

Memory Corruption

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0431 7.5 - High - April 13, 2021

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901

Out-of-bounds Read

In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp

CVE-2021-0432 7 - High - April 13, 2021

In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173552790

Race Condition

In onCreate of DeviceChooserActivity.java

CVE-2021-0433 8 - High - April 13, 2021

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171221090

Improper Privilege Management

In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data

CVE-2021-0435 7.5 - High - April 13, 2021

In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451

Improper Initialization

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow

CVE-2021-0436 5.5 - Medium - April 13, 2021

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496160

Integer Overflow or Wraparound

In setPlayPolicy of DrmPlugin.cpp, there is a possible double free

CVE-2021-0437 7.8 - High - April 13, 2021

In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330

Double-free

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow

CVE-2021-0471 5.5 - Medium - April 13, 2021

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786

Integer Overflow or Wraparound

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent

CVE-2021-0444 5.5 - Medium - April 13, 2021

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-178825358

In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy

CVE-2021-0445 7.8 - High - April 13, 2021

In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9Android ID: A-172322502

Improper Privilege Management

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack

CVE-2021-0446 7.3 - High - April 13, 2021

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172252122

Improper Privilege Management

In LK, there is a possible escalation of privilege due to an insecure default value

CVE-2021-0468 6.6 - Medium - April 13, 2021

In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-180427272

Improper Privilege Management

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1

CVE-2021-25358 3.3 - Low - April 09, 2021

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.

Incorrect Default Permissions

An improper SELinux policy prior to SMR APR-2021 Release 1

CVE-2021-25359 3.3 - Low - April 09, 2021

An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.

Incorrect Default Permissions

An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1

CVE-2021-25360 9.8 - Critical - April 09, 2021

An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

Memory Corruption

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0)

CVE-2021-25357 5.5 - Medium - April 09, 2021

A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

Improper Privilege Management

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1

CVE-2021-25356 8.8 - High - April 09, 2021

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.

AuthZ

An improper permission management in CertInstaller prior to SMR APR-2021 Release 1

CVE-2021-25362 6.1 - Medium - April 09, 2021

An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.

Improper Privilege Management

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1

CVE-2021-25364 3.3 - Low - April 09, 2021

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.

Information Disclosure

An improper exception control in softsimd prior to SMR APR-2021 Release 1

CVE-2021-25365 7.8 - High - April 09, 2021

An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.

Improper Privilege Management

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1

CVE-2021-25361 8.8 - High - April 09, 2021

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.

Directory traversal

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1

CVE-2021-25363 6.1 - Medium - April 09, 2021

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.

Improper Privilege Management

An issue was discovered on LG mobile devices with Android OS 11 software

CVE-2021-30161 5.5 - Medium - April 06, 2021

An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software

CVE-2021-30162 7.1 - High - April 06, 2021

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

CVE-2021-25369 5.5 - Medium - March 26, 2021

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

AuthZ

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

CVE-2021-25370 4.4 - Medium - March 26, 2021

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0379 6.5 - Medium - March 10, 2021

In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154075955

Out-of-bounds Read

In onReceive of DcTracker.java

CVE-2021-0380 7.8 - High - March 10, 2021

In onReceive of DcTracker.java, there is a possible way to trigger a provisioning URL and modify other telephony settings due to a missing permission check. This could lead to local escalation of privilege during the onboarding flow with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172459128

Incorrect Default Permissions

In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent

CVE-2021-0381 5.5 - Medium - March 10, 2021

In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153466381

Incorrect Default Permissions

In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check

CVE-2021-0382 5.5 - Medium - March 10, 2021

In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140727941

Incorrect Default Permissions

In done of CaptivePortalLoginActivity.java, there is a confused deputy

CVE-2021-0383 7.8 - High - March 10, 2021

In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160871056

Improper Privilege Management

In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java

CVE-2021-0385 7.8 - High - March 10, 2021

In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172584372

Improper Privilege Management

In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value

CVE-2021-0386 7.8 - High - March 10, 2021

In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110

In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition

CVE-2021-0387 6.4 - Medium - March 10, 2021

In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421939

Race Condition

In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler

CVE-2021-0388 7.8 - High - March 10, 2021

In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162741489

Improper Privilege Management

In setNightModeActivated of UiModeManagerService.java, there is a missing permission check

CVE-2021-0389 7.8 - High - March 10, 2021

In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168039904

Incorrect Default Permissions

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data

CVE-2021-0449 4.4 - Medium - March 10, 2021

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117965

Improper Initialization

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data

CVE-2021-0450 4.4 - Medium - March 10, 2021

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117880

Improper Initialization

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data

CVE-2021-0451 4.4 - Medium - March 10, 2021

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117871

Improper Initialization

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data

CVE-2021-0452 4.4 - Medium - March 10, 2021

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117261

Improper Initialization

In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data

CVE-2021-0453 4.4 - Medium - March 10, 2021

In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117199

Improper Initialization

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0454 6.7 - Medium - March 10, 2021

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117047

Memory Corruption

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0455 6.7 - Medium - March 10, 2021

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175116439

Memory Corruption

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0456 6.7 - Medium - March 10, 2021

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174769927

Memory Corruption

In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0457 6.7 - Medium - March 10, 2021

In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157155375

Memory Corruption

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow

CVE-2021-0458 4.4 - Medium - March 10, 2021

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157156744

Integer Overflow or Wraparound

In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0459 4.4 - Medium - March 10, 2021

In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157154534

Out-of-bounds Read

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow

CVE-2021-0460 4.4 - Medium - March 10, 2021

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-156739245

Out-of-bounds Read

In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0461 6.7 - Medium - March 10, 2021

In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175124074

Memory Corruption

In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error

CVE-2021-0462 6.7 - Medium - March 10, 2021

In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168799695

Improper Privilege Management

In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage

CVE-2021-0463 5.5 - Medium - March 10, 2021

In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154867068

Use of Uninitialized Resource

In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0464 7.8 - High - March 10, 2021

In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-167663878

Memory Corruption

In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0465 7.8 - High - March 10, 2021

In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-172005755

Memory Corruption

In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass

CVE-2020-0025 7.8 - High - March 10, 2021

In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-135604684

Incorrect Permission Assignment for Critical Resource

In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0368 6.5 - Medium - March 10, 2021

In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169829774

Out-of-bounds Read

In CrossProfileAppsServiceImpl.java

CVE-2021-0369 7.8 - High - March 10, 2021

In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-166561076

Improper Privilege Management

In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0370 6.7 - Medium - March 10, 2021

In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169259605

Memory Corruption

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0371 6.7 - Medium - March 10, 2021

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-164440989

Out-of-bounds Read

In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent

CVE-2021-0372 7.8 - High - March 10, 2021

In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174047735

Improper Privilege Management

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0374 4.4 - Medium - March 10, 2021

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169572641

Out-of-bounds Read

In onPackageModified of VoiceInteractionManagerService.java

CVE-2021-0375 5.5 - Medium - March 10, 2021

In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484

Use of Insufficiently Random Values

In checkUriPermission and related functions of MediaProvider.java

CVE-2021-0376 7.8 - High - March 10, 2021

In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-115619667

Improper Privilege Management

In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation

CVE-2021-0377 5.5 - Medium - March 10, 2021

In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160800689

In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0378 6.5 - Medium - March 10, 2021

In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154076193

Out-of-bounds Read

In various methods of WifiNetworkSuggestionsManager.java

CVE-2021-0390 7.8 - High - March 10, 2021

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174749461

Incorrect Permission Assignment for Critical Resource

In onCreate() of ChooseTypeAndAccountActivity.java

CVE-2021-0391 7.8 - High - March 10, 2021

In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172841550

In main of main.cpp, there is a possible memory corruption due to a double free

CVE-2021-0392 7.8 - High - March 10, 2021

In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730

Double-free

In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow

CVE-2021-0393 7.8 - High - March 10, 2021

In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-168041375

Memory Corruption

In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0394 5.5 - Medium - March 10, 2021

In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-172655291

Out-of-bounds Read

In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free

CVE-2021-0395 7.8 - High - March 10, 2021

In StopServicesAndLogViolations of reboot.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170315126

Dangling pointer

In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files

CVE-2021-0396 9.8 - Critical - March 10, 2021

In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-160610106

Memory Corruption

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free

CVE-2021-0397 9.8 - Critical - March 10, 2021

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148

Double-free

In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy

CVE-2021-0398 7.8 - High - March 10, 2021

In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173516292

In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free

CVE-2021-0399 7.8 - High - March 10, 2021

In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel

Dangling pointer

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1

CVE-2021-25340 2.4 - Low - March 04, 2021

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.

AuthZ

Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1

CVE-2021-25344 5.5 - Medium - March 04, 2021

Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.

Incorrect Default Permissions

A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1

CVE-2021-25346 9.8 - Critical - March 04, 2021

A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.

Memory Corruption

Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1

CVE-2021-25347 5.3 - Medium - March 04, 2021

Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.

Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1

CVE-2021-25334 5.5 - Medium - March 04, 2021

Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.

Improper Input Validation

Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1

CVE-2021-25335 2.5 - Low - March 04, 2021

Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1

CVE-2021-25336 3.3 - Low - March 04, 2021

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.

AuthZ

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1

CVE-2021-25337 7.1 - High - March 04, 2021

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

AuthZ

Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1

CVE-2021-25330 7.5 - High - March 02, 2021

Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.

An issue was discovered on LG mobile devices with Android OS 11 software

CVE-2021-27901 6.8 - Medium - March 02, 2021

An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).

In vpu, there is a possible memory corruption due to a race condition

CVE-2021-0366 6.4 - Medium - February 26, 2021

In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093.

Race Condition

In vpu, there is a possible memory corruption due to a race condition

CVE-2021-0367 6.4 - Medium - February 26, 2021

In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085.

Race Condition

In vow, there is a possible memory corruption due to a race condition

CVE-2021-0401 6.4 - Medium - February 26, 2021

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.

Race Condition

In jpeg, there is a possible out of bounds write due to improper input validation

CVE-2021-0402 6.7 - Medium - February 26, 2021

In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311.

Memory Corruption

In netdiag, there is a possible information disclosure due to a missing permission check

CVE-2021-0403 4.4 - Medium - February 26, 2021

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.

Information Disclosure