Google Android Mobile operating system

An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1

CVE-2021-25501 3.3 - Low - November 05, 2021

An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.

AuthZ

A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1

CVE-2021-25502 5.5 - Medium - November 05, 2021

A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.

Cleartext Storage of Sensitive Information

In flv extractor, there is a possible out of bounds read due to an incorrect bounds check

CVE-2021-0409 5.5 - Medium - October 25, 2021

In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359.

Out-of-bounds Read

In flv extractor, there is a possible out of bounds read due to an incorrect bounds check

CVE-2021-0410 5.5 - Medium - October 25, 2021

In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.

Out-of-bounds Read

In flv extractor, there is a possible out of bounds read due to an integer overflow

CVE-2021-0411 5.5 - Medium - October 25, 2021

In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.

Out-of-bounds Read

In flv extractor, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0412 5.5 - Medium - October 25, 2021

In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561366; Issue ID: ALPS05561366.

Out-of-bounds Read

In flv extractor, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0413 5.5 - Medium - October 25, 2021

In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379; Issue ID: ALPS05561379.

Out-of-bounds Read

In flv extractor, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0414 5.5 - Medium - October 25, 2021

In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.

Out-of-bounds Read

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check

CVE-2021-0613 5.5 - Medium - October 25, 2021

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.

Out-of-bounds Read

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check

CVE-2021-0614 5.5 - Medium - October 25, 2021

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05495528; Issue ID: ALPS05495528.

Out-of-bounds Read

In flv extractor, there is a possible out of bounds read due to an integer overflow

CVE-2021-0615 5.5 - Medium - October 25, 2021

In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.

Out-of-bounds Read

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0618 5.5 - Medium - October 25, 2021

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561394; Issue ID: ALPS05561394.

Out-of-bounds Read

In ccu, there is a possible memory corruption due to improper locking

CVE-2021-0625 6.7 - Medium - October 25, 2021

In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.

Improper Locking

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0616 5.5 - Medium - October 25, 2021

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561389; Issue ID: ALPS05561389.

Out-of-bounds Read

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0617 5.5 - Medium - October 25, 2021

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561391; Issue ID: ALPS05561391.

Out-of-bounds Read

In wifi driver, there is a possible system crash due to a missing bounds check

CVE-2021-0630 7.5 - High - October 25, 2021

In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.

Integer Overflow or Wraparound

In wifi driver, there is a possible system crash due to a missing bounds check

CVE-2021-0631 7.5 - High - October 25, 2021

In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435.

Out-of-bounds Read

In wifi driver, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0632 6.5 - Medium - October 25, 2021

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05560246; Issue ID: ALPS05551383.

Out-of-bounds Read

In display driver, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0633 6.7 - Medium - October 25, 2021

In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.

Memory Corruption

In display driver, there is a possible memory corruption due to uninitialized data

CVE-2021-0634 6.7 - Medium - October 25, 2021

In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.

Use of Uninitialized Resource

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0661 6.7 - Medium - October 25, 2021

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844413; Issue ID: ALPS05844413.

Memory Corruption

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0662 6.7 - Medium - October 25, 2021

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.

Memory Corruption

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0663 6.7 - Medium - October 25, 2021

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458.

Memory Corruption

In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free

CVE-2021-0935 6.7 - Medium - October 25, 2021

In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel

Memory Corruption

In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free

CVE-2021-0936 7.8 - High - October 25, 2021

In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel

Dangling pointer

In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data

CVE-2021-0938 5.5 - Medium - October 25, 2021

In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel

Use of Uninitialized Resource

In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0939 4.4 - Medium - October 25, 2021

In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A

Out-of-bounds Read

In TBD of TBD, there is a possible out of bounds write due to improper locking

CVE-2021-0940 6.7 - Medium - October 25, 2021

In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171315276References: N/A

Memory Corruption

In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free

CVE-2021-0941 6.7 - Medium - October 25, 2021

In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel

Out-of-bounds Read

In loadLabel of PackageItemInfo.java

CVE-2021-0651 5.5 - Medium - October 22, 2021

In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844

Improper Input Validation

In VectorDrawable::VectorDrawable of VectorDrawable.java

CVE-2021-0652 7.8 - High - October 22, 2021

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568

Buffer Overflow

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade

CVE-2021-0702 5.5 - Medium - October 22, 2021

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-193932765

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage

CVE-2021-0703 6.8 - Medium - October 22, 2021

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329

Dangling pointer

In sanitizeSbn of NotificationManagerService.java

CVE-2021-0705 7.8 - High - October 22, 2021

In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-185388103

Improper Privilege Management

In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check

CVE-2021-0706 5.5 - Medium - October 22, 2021

In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-193444889

Incorrect Default Permissions

In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy

CVE-2021-0708 7.8 - High - October 22, 2021

In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-183262161

Externally Controlled Reference to a Resource in Another Sphere

In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition

CVE-2021-0870 8.1 - High - October 22, 2021

In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262

Race Condition

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition

CVE-2021-0483 7.8 - High - October 22, 2021

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911

Race Condition

In getAllSubInfoList of SubscriptionController.java

CVE-2021-0643 5.5 - Medium - October 22, 2021

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-183612370

AuthZ

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack

CVE-2021-0583 7.3 - High - October 11, 2021

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956

Improper Privilege Management

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1

CVE-2021-25472 3.3 - Low - October 06, 2021

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.

AuthZ

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1

CVE-2021-25482 4.4 - Medium - October 06, 2021

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

SQL Injection

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1

CVE-2021-25483 6.5 - Medium - October 06, 2021

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

Out-of-bounds Read

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1

CVE-2021-25484 3.3 - Low - October 06, 2021

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.

authentification

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1

CVE-2021-25485 8 - High - October 06, 2021

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.

Directory traversal

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1

CVE-2021-25486 3.3 - Low - October 06, 2021

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1

CVE-2021-25490 6 - Medium - October 06, 2021

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1

CVE-2021-25473 4.4 - Medium - October 06, 2021

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

Improper Handling of Exceptional Conditions

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1

CVE-2021-25474 4.4 - Medium - October 06, 2021

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

Improper Handling of Exceptional Conditions

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0689 5.5 - Medium - October 06, 2021

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-190188264

Out-of-bounds Read

In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free

CVE-2021-0695 5.5 - Medium - October 06, 2021

In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-184018316References: Upstream kernel

Dangling pointer

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps

CVE-2021-0693 5.5 - Medium - October 06, 2021

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184046948

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent

CVE-2021-0692 7.8 - High - October 06, 2021

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-179289753

Improper Privilege Management

In the SELinux policy configured in system_app.te

CVE-2021-0691 6.7 - Medium - October 06, 2021

In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-188554048

Improper Privilege Management

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0690 6.5 - Medium - October 06, 2021

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-182152757

Memory Corruption

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition

CVE-2021-0688 7 - High - October 06, 2021

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-161149543

Race Condition

In ellipsize of Layout.java, there is a possible ANR due to improper input validation

CVE-2021-0687 5 - Medium - October 06, 2021

In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-188913943

Improper Input Validation

In getDefaultSmsPackage of RoleManagerService.java

CVE-2021-0686 5.5 - Medium - October 06, 2021

In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-177927831

AuthZ

In ParsedIntentInfo of ParsedIntentInfo.java

CVE-2021-0685 7.8 - High - October 06, 2021

In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191055353

Marshaling, Unmarshaling

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy

CVE-2021-0683 7.8 - High - October 06, 2021

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-185398942

In sendAccessibilityEvent of NotificationManagerService.java

CVE-2021-0682 5.5 - Medium - October 06, 2021

In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555

AuthZ

In system properties, there is a possible information disclosure due to a missing permission check

CVE-2021-0681 5.5 - Medium - October 06, 2021

In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535337

AuthZ

In system properties, there is a possible information disclosure due to a missing permission check

CVE-2021-0680 5.5 - Medium - October 06, 2021

In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-192535676

AuthZ

In conditionallyRemoveIdentifiers of SubscriptionController.java

CVE-2021-0644 5.5 - Medium - October 06, 2021

In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-181053462

AuthZ

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows

CVE-2021-0636 7.8 - High - October 06, 2021

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion: Android-10Android ID: A-189392423

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows

CVE-2021-0635 7.8 - High - October 06, 2021

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion:Android-10Android ID: A-189402477

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack

CVE-2021-0598 7.3 - High - October 06, 2021

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180422108

Improper Privilege Management

In lockAllProfileTasks of RootWindowContainer.java

CVE-2021-0595 7.8 - High - October 06, 2021

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096

Improper Privilege Management

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free

CVE-2021-0684 7.8 - High - October 06, 2021

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665

Dangling pointer

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0869 9.8 - Critical - September 21, 2021

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A

Memory Corruption

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1

CVE-2021-25449 9.8 - Critical - September 09, 2021

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

Improper Input Validation

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1

CVE-2021-25450 6.5 - Medium - September 09, 2021

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

Directory traversal

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1

CVE-2021-25451 3.3 - Low - September 09, 2021

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

authentification

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1

CVE-2021-25453 5.5 - Medium - September 09, 2021

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

Improper Input Validation

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25454 5.5 - Medium - September 09, 2021

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

Out-of-bounds Read

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25455 3.3 - Low - September 09, 2021

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

Out-of-bounds Read

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1

CVE-2021-25456 5.5 - Medium - September 09, 2021

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

Out-of-bounds Read

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1

CVE-2021-25458 5.5 - Medium - September 09, 2021

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

NULL Pointer Dereference

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1

CVE-2021-25459 5.5 - Medium - September 09, 2021

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

Files or Directories Accessible to External Parties

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1

CVE-2021-25460 5.5 - Medium - September 09, 2021

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

CVE-2021-25461 7.8 - High - September 09, 2021

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

Classic Buffer Overflow

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1

CVE-2021-25462 5.5 - Medium - September 09, 2021

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

NULL Pointer Dereference

Improper access control vulnerability in PENUP prior to version 3.8.00.18

CVE-2021-25463 3.3 - Low - September 09, 2021

Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.

In memory management driver, there is a possible system crash due to a missing bounds check

CVE-2021-0420 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.

Buffer Overflow

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check

CVE-2021-0408 5.5 - Medium - August 18, 2021

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220.

Out-of-bounds Read

In clk driver, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0407 6.7 - Medium - August 18, 2021

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.

Memory Corruption

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0419 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.

Improper Input Validation

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0418 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.

Improper Input Validation

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0417 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

Improper Input Validation

In memory management driver, there is a possible information disclosure due to a missing permission check

CVE-2021-0415 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692.

AuthZ

In OMA DRM, there is a possible memory corruption due to improper input validation

CVE-2021-0628 6.7 - Medium - August 18, 2021

In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.

Improper Input Validation

In OMA DRM, there is a possible memory corruption due to an integer overflow

CVE-2021-0627 6.7 - Medium - August 18, 2021

In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.

Integer Overflow or Wraparound

In ged, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0626 6.7 - Medium - August 18, 2021

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.

Memory Corruption

In memory management driver, there is a possible system crash due to improper input validation

CVE-2021-0416 5.5 - Medium - August 18, 2021

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.

Improper Input Validation

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation

CVE-2021-0584 5.5 - Medium - August 17, 2021

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-179289794

Out-of-bounds Read

In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0640 7.8 - High - August 17, 2021

In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-187957589

Memory Corruption

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java

CVE-2021-0591 7.3 - High - August 17, 2021

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179386960

Externally Controlled Reference to a Resource in Another Sphere

In sendDevicePickedIntent of DevicePickerFragment.java

CVE-2021-0593 7.8 - High - August 17, 2021

In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179386068

Externally Controlled Reference to a Resource in Another Sphere

In multiple functions of libl3oemcrypto.cpp

CVE-2021-0639 5.5 - Medium - August 17, 2021

In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-190724551

Insecure Storage of Sensitive Information

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass

CVE-2021-0645 7.8 - High - August 17, 2021

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320644

Improper Privilege Management