Google Android Mobile operating system

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java

CVE-2021-0602 7.8 - High - July 14, 2021

In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895

Improper Privilege Management

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free

CVE-2021-0601 5.5 - Medium - July 14, 2021

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802

Memory Corruption

In onCreate of DeviceAdminAdd.java

CVE-2021-0600 7.8 - High - July 14, 2021

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-179042963

Improper Input Validation

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier

CVE-2021-0599 5.5 - Medium - July 14, 2021

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175614289

Externally Controlled Reference to a Resource in Another Sphere

In notifyProfileAdded and notifyProfileRemoved of SipService.java

CVE-2021-0597 5.5 - Medium - July 14, 2021

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502

AuthZ

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass

CVE-2021-0486 7.8 - High - July 14, 2021

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-171430330

Incorrect Default Permissions

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI

CVE-2021-0441 7.3 - High - July 14, 2021

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174495520

Incorrect Default Permissions

In generateFileInfo of BluetoothOppSendFileInfo.java

CVE-2021-0604 5.5 - Medium - July 14, 2021

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179910660

In onCreate of ContactSelectionActivity.java

CVE-2021-0603 7.8 - High - July 14, 2021

In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-182809425

Incorrect Default Permissions

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free

CVE-2021-0587 7.8 - High - July 14, 2021

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185259758

Memory Corruption

In onCreate of DevicePickerFragment.java

CVE-2021-0586 7.3 - High - July 14, 2021

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-182584940

Clickjacking

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation

CVE-2021-0585 6.7 - Medium - July 14, 2021

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-184963385

Memory Corruption

In several functions of the V8 library, there is a possible use after free due to a race condition

CVE-2021-0514 8.1 - High - July 14, 2021

In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9 Android-11 Android-8.1Android ID: A-162604069

Race Condition

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0596 7.5 - High - July 14, 2021

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181346550

Out-of-bounds Read

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation

CVE-2021-0594 8 - High - July 14, 2021

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224

Improper Input Validation

In various functions in WideVine, there are possible out of bounds writes due to improper input validation

CVE-2021-0592 8.8 - High - July 14, 2021

In various functions in WideVine, there are possible out of bounds writes due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-188061006

Memory Corruption

In sendNetworkConditionsBroadcast of NetworkMonitor.java

CVE-2021-0590 4.4 - Medium - July 14, 2021

In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041

Incorrect Default Permissions

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0589 7.8 - High - July 14, 2021

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-180939982

Memory Corruption

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check

CVE-2021-0588 5.5 - Medium - July 14, 2021

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342

Incorrect Default Permissions

In flv extractor, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0577 7.8 - High - July 14, 2021

In flv extractor, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161771

Memory Corruption

In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java

CVE-2021-0518 5.5 - Medium - July 14, 2021

In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176541017

Information Disclosure

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0515 9.8 - Critical - July 14, 2021

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-167389063

Memory Corruption

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent

CVE-2020-0417 7.8 - High - July 14, 2021

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-154319182

Improper Privilege Management

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check

CVE-2021-0654 5.5 - Medium - July 14, 2021

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168802517References: N/A

Incorrect Default Permissions

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1

CVE-2021-25426 7.5 - High - July 08, 2021

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.

Information Disclosure

Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1

CVE-2021-25430 4.3 - Medium - July 08, 2021

Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

authentification

Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1

CVE-2021-25429 4.3 - Medium - July 08, 2021

Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

Improper Privilege Management

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1

CVE-2021-25428 7.8 - High - July 08, 2021

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.

Improper Input Validation

SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1

CVE-2021-25427 6.5 - Medium - July 08, 2021

SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information

SQL Injection

In archiveStoredConversation of MmsService.java

CVE-2021-0539 7.8 - High - June 22, 2021

In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180419673

Incorrect Permission Assignment for Critical Resource

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack

CVE-2021-0538 7.3 - High - June 22, 2021

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178821491

Clickjacking

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0546 6.7 - Medium - June 22, 2021

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258733

Memory Corruption

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0545 6.7 - Medium - June 22, 2021

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258884

Memory Corruption

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0544 6.7 - Medium - June 22, 2021

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169257710

Memory Corruption

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow

CVE-2021-0543 6.7 - Medium - June 22, 2021

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258743

Memory Corruption

In onCreate of WiFiInstaller.java

CVE-2021-0537 7.3 - High - June 22, 2021

In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176756141

Clickjacking

In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy

CVE-2021-0536 7.8 - High - June 22, 2021

In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176756691

Externally Controlled Reference to a Resource in Another Sphere

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure

CVE-2021-0549 4.4 - Medium - June 22, 2021

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896

Insertion of Sensitive Information into Log File

In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0548 7.8 - High - June 22, 2021

In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650357

Memory Corruption

In updateNotification of BeamTransferManager.java, there is a missing permission check

CVE-2021-0542 5.5 - Medium - June 22, 2021

In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890

Improper Preservation of Permissions

In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0541 4.4 - Medium - June 22, 2021

In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258455

Out-of-bounds Read

In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0540 6.7 - Medium - June 22, 2021

In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169328517

Memory Corruption

In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy

CVE-2021-0608 7.8 - High - June 22, 2021

In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174870704

Externally Controlled Reference to a Resource in Another Sphere

In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check

CVE-2021-0607 7.8 - High - June 22, 2021

In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180950209

Buffer Overflow

In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting

CVE-2021-0606 6.7 - Medium - June 22, 2021

In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487

Dangling pointer

In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check

CVE-2021-0605 4.4 - Medium - June 22, 2021

In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476

Out-of-bounds Read

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI

CVE-2021-0553 7.3 - High - June 22, 2021

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169936038

Improper Privilege Management

In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent

CVE-2021-0552 5.5 - Medium - June 22, 2021

In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175124820

Exposure of Resource to Wrong Sphere

In bind of MediaControlPanel.java

CVE-2021-0551 6.5 - Medium - June 22, 2021

In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039

Improper Input Validation

In onLoadFailed of AnnotateActivity.java

CVE-2021-0550 7.8 - High - June 22, 2021

In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673

Externally Controlled Reference to a Resource in Another Sphere

In onReceive of NetInitiatedActivity.java

CVE-2021-0547 7.8 - High - June 22, 2021

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048

AuthZ

In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow

CVE-2021-0557 8.8 - High - June 22, 2021

In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179046129

Memory Corruption

In isBackupServiceActive of BackupManagerService.java, there is a missing permission check

CVE-2021-0554 5.5 - Medium - June 22, 2021

In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162

AuthZ

In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free

CVE-2021-0535 6.7 - Medium - June 22, 2021

In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741

Dangling pointer

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value

CVE-2021-0534 7.8 - High - June 22, 2021

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170639543

Insecure Default Initialization of Resource

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java

CVE-2021-0571 7.8 - High - June 22, 2021

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936

authentification

In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0566 4.4 - Medium - June 22, 2021

In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175894436

Out-of-bounds Read

In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition

CVE-2021-0565 7 - High - June 22, 2021

In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174801970

Race Condition

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition

CVE-2021-0564 6.4 - Medium - June 22, 2021

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665

Race Condition

In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0563 5.5 - Medium - June 22, 2021

In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172908358

Out-of-bounds Read

In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check

CVE-2021-0562 5.5 - Medium - June 22, 2021

In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176084648

Out-of-bounds Read

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0561 5.5 - Medium - June 22, 2021

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683

Memory Corruption

In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0559 6.5 - Medium - June 22, 2021

In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172312730

Out-of-bounds Read

In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0558 6.5 - Medium - June 22, 2021

In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173473906

Out-of-bounds Read

In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow

CVE-2021-0556 5.5 - Medium - June 22, 2021

In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172716941

Out-of-bounds Read

In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check

CVE-2021-0555 7.5 - High - June 22, 2021

In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711

NULL Pointer Dereference

In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent

CVE-2021-0570 7.8 - High - June 22, 2021

In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178803845

authentification

In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack

CVE-2021-0569 5 - Medium - June 22, 2021

In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174045870

Clickjacking

In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check

CVE-2021-0568 7.8 - High - June 22, 2021

In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238

AuthZ

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass

CVE-2021-0567 7.8 - High - June 22, 2021

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179461812

Injection

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent

CVE-2021-0572 5.5 - Medium - June 22, 2021

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-177931355

authentification

In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition

CVE-2021-0508 7 - High - June 21, 2021

In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176444154

Race Condition

In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2021-0507 8.8 - High - June 21, 2021

In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181860042

Memory Corruption

In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack

CVE-2021-0506 7.3 - High - June 21, 2021

In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-181962311

Clickjacking

In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check

CVE-2021-0505 7.8 - High - June 21, 2021

In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179975048

AuthZ

In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check

CVE-2021-0504 6.5 - Medium - June 21, 2021

In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179162665

Out-of-bounds Read

In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception

CVE-2021-0478 7.8 - High - June 21, 2021

In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-169255797

Improper Handling of Exceptional Conditions

In memory management driver, there is a possible memory corruption due to a race condition

CVE-2021-0532 7 - High - June 21, 2021

In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196177

Race Condition

In memory management driver, there is a possible memory corruption due to a use after free

CVE-2021-0531 7.8 - High - June 21, 2021

In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195272

Dangling pointer

In memory management driver, there is a possible out of bounds write due to uninitialized data

CVE-2021-0530 7.8 - High - June 21, 2021

In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196175

Memory Corruption

In memory management driver, there is a possible memory corruption due to improper locking

CVE-2021-0529 7.8 - High - June 21, 2021

In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195268

Improper Locking

In memory management driver, there is a possible memory corruption due to a double free

CVE-2021-0528 7.8 - High - June 21, 2021

In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195266

Double-free

In memory management driver, there is a possible memory corruption due to a use after free

CVE-2021-0527 7.8 - High - June 21, 2021

In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193931

Dangling pointer

In memory management driver, there is a possible out of bounds write due to uninitialized data

CVE-2021-0526 7.8 - High - June 21, 2021

In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195264

Memory Corruption

In memory management driver, there is a possible out of bounds write due to a use after free

CVE-2021-0525 7.8 - High - June 21, 2021

In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193929

Memory Corruption

In onCreate of WifiS

CVE-2021-0523 7.3 - High - June 21, 2021

In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-174047492

Clickjacking

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free

CVE-2021-0522 7.5 - High - June 21, 2021

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139

Out-of-bounds Read

In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check

CVE-2021-0521 5.5 - Medium - June 21, 2021

In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174661955

AuthZ

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition

CVE-2021-0520 7 - High - June 21, 2021

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595

Race Condition

In updateCapabilities of ConnectivityService.java

CVE-2021-0517 7.5 - High - June 21, 2021

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179053823

Always-Incorrect Control Flow Implementation

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free

CVE-2021-0516 9.8 - Critical - June 21, 2021

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448

Out-of-bounds Read

In deleteNotificationChannel and related functions of NotificationManagerService.java

CVE-2021-0513 7.8 - High - June 21, 2021

In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809

Improper Privilege Management

In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow

CVE-2021-0512 7.8 - High - June 21, 2021

In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel

Memory Corruption

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation

CVE-2021-0511 7.8 - High - June 21, 2021

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795

Improper Input Validation

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow

CVE-2021-0510 7.8 - High - June 21, 2021

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622

Memory Corruption

In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition

CVE-2021-0509 7 - High - June 21, 2021

In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161

Race Condition

In memory management driver, there is a possible memory corruption due to a race condition

CVE-2021-0533 7 - High - June 21, 2021

In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193932

Race Condition

Product: AndroidVersions: Android SoCAndroid ID: A-175402462

CVE-2021-0324 9.8 - Critical - June 14, 2021

Product: AndroidVersions: Android SoCAndroid ID: A-175402462

In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check

CVE-2021-0467 6.8 - Medium - June 14, 2021

In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-174490700

Memory Corruption

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free

CVE-2021-0475 8.8 - High - June 11, 2021

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-175686168

Dangling pointer