Linux Foundation Yocto

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Linux Foundation Yocto.

By the Year

In 2026 there have been 0 vulnerabilities in Linux Foundation Yocto. Last year, in 2025 Yocto had 14 security vulnerabilities published. Right now, Yocto is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	14	6.60
2024	21	6.58
2023	41	6.25

It may take a day or so for new Yocto vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Foundation Yocto Security Vulnerabilities

Android Device Admin API OOB Write LPE via Physical Access
CVE-2025-20696 - August 04, 2025

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.

Memory Corruption

Out-of-Bounds Read in Alps WLAN STA Driver Causing Info Disclosure
CVE-2025-20693 - July 08, 2025

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

Out-of-bounds Read

CVE-2025-20656: OOB Write in DA Enables Physical Local Priv Esc Escalation
CVE-2025-20656 - April 07, 2025

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.

Memory Corruption

Local Info Disclosure via OOB Read in 'da' Component
CVE-2025-20651 - March 03, 2025

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.

Local Priv Esc via OOB Write in ALPS Driver (CVE-2025-20650)
CVE-2025-20650 - March 03, 2025

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.

Memory Corruption

V6 DA OOB Write: Local Priv Escalation via Physical Access
CVE-2025-20635 6.6 - Medium - February 03, 2025

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.

Memory Corruption

MediaTek BT FW reachable assertion leads to remote DoS
CVE-2024-20147 - February 03, 2025

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.

Microsoft Windows PowerShell OOB Write Escalation
CVE-2024-20140 - January 06, 2025

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020.

Memory Corruption

V6 DA Driver OOB Write Enables Local Priv Escalation
CVE-2024-20143 - January 06, 2025

Memory Corruption

ALPS V6 DA OOB Write for Local Priv Escalation
CVE-2024-20144 - January 06, 2025

Memory Corruption

V6 DA OOB Write Enables Local Priv Escalation
CVE-2024-20145 - January 06, 2025

Memory Corruption

WCNCR WLAN STA Driver OOB Write Remote Code Exec
CVE-2024-20146 - January 06, 2025

In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.

Memory Corruption

OOB write in WLAN STA firmware remote code execution (CVE202420148)
CVE-2024-20148 - January 06, 2025

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.

Memory Corruption

Microsoft WLAN Driver Assertion Failure DoS via Improper Exception Handling
CVE-2024-20152 - January 06, 2025

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.

assertion failure

Da Out of Bounds Read Vulnerability in Memory Management
CVE-2024-20107 - November 04, 2024

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.

Out-of-bounds Read

MediaTek Da Out-of-Bounds Write Vulnerability
CVE-2024-20104 - November 04, 2024

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.

Memory Corruption

Power component OOB write triggers local privilege escalation on Windows
CVE-2024-20099 - October 07, 2024

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.

Memory Corruption

Microsoft PowerShell OOB Write LPE CVE-2024-20098
CVE-2024-20098 - October 07, 2024

Memory Corruption

Windows Power OOB Read Local Info Disclosure (Requires SYSTEM)
CVE-2024-20085 4.4 - Medium - September 02, 2024

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.

Out-of-bounds Read

Microsoft Windows WLAN Remote DoS via Error Handling
CVE-2024-20089 7.5 - High - September 02, 2024

In wlan, there is a possible denial of service due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08861558; Issue ID: MSV-1526.

Improper Check for Unusual or Exceptional Conditions

MS Windows PowerShell OOB Read for Local Info Disclosure
CVE-2024-20084 4.4 - Medium - September 02, 2024

Out-of-bounds Read

Android GNSS Service Escalation via Improper Cert Validation
CVE-2024-20080 - July 01, 2024

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

Improper Certificate Validation

Android GNSS Service OOB Write Local Priv Escalation
CVE-2024-20081 6.7 - Medium - July 01, 2024

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.

Memory Corruption

MS Windows Device Administration Permission Bypass Local Priv Escalation
CVE-2023-32871 - May 06, 2024

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

Improper Check for Unusual or Exceptional Conditions

Remote OOB Write in MediaTek MT6XXX/MT79XX WLAN Firmware
CVE-2024-20040 - April 01, 2024

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

FlashC Uncaught Exception Enables Local Info Disclosure (CVE-2024-20049)
CVE-2024-20049 - April 01, 2024

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.

CVE-2024-20050: flashc Local Info Disclosure via Uncaught Exception
CVE-2024-20050 - April 01, 2024

Local DoS via uncaught exception in flashc
CVE-2024-20051 - April 01, 2024

In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.

ALPS FlashC Local Info Disclosure via Uncaught Exception
CVE-2024-20052 - April 01, 2024

flashc OOB Write in Uncaught Exception Leads to Local Priv Escalation
CVE-2024-20053 - April 01, 2024

In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.

CVE-2024-20054: GNSSe EtP via Missing Bounds Check
CVE-2024-20054 - April 01, 2024

In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.

Windows imgsys Local Info Disclosure via Bounds Check
CVE-2024-20055 - April 01, 2024

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.

flashc OOB Write Escalation (local, SYSTEM)
CVE-2024-20023 - March 04, 2024

In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.

Linux Kernel ELSEC via Missing Bounds Check
CVE-2024-20022 6.7 - Medium - March 04, 2024

In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.

Yocto Bitbake Toaster RCE via Crafted HTTP (before 2.6.2, Yocto 4.3.1)
CVE-2024-25626 9.8 - Critical - February 19, 2024

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform a remote code execution in the server's shell via a crafted HTTP request. Authentication is not necessary. Toaster server execution has to be specifically run and is not the default for Bitbake command line builds, it is only used for the Toaster web based user interface to Bitbake. The fix has been backported to the bitbake included with Yocto Project 5.0, 3.1.31, 4.0.16, and 4.3.2.

Shell injection

Apusys Integer Overflow OOB Write Leading to Local Escalation
CVE-2023-32829 6.7 - Medium - October 02, 2023

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.

Integer Overflow or Wraparound

WLAN Firmware Remote DoS via Improper Input Handling
CVE-2023-32820 7.5 - High - October 02, 2023

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.

assertion failure

GPS OOB Write Local Escalation (CVE-2023-20830)
CVE-2023-20830 6.7 - Medium - September 04, 2023

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.

Memory Corruption

imgsys OOB read/write for local privilege escalation
CVE-2023-20840 6.5 - Medium - September 04, 2023

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.

Out-of-bounds Read

CVE-2023-32811: OOB Write Connectivity Driver Leads to Local Priv Escalation
CVE-2023-32811 6.7 - Medium - September 04, 2023

In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.

Memory Corruption

Android Kernel OOB Write in imgsys_cmdq Enables Loc Priv Esc (User Interaction)
CVE-2023-20850 6.5 - Medium - September 04, 2023

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.

Memory Corruption

Use-after-Free in imgsys_cmdq leads to local privilege escalation (ALPS)
CVE-2023-20849 6.5 - Medium - September 04, 2023

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.

Dangling pointer

Android GPS OOB Write: Local Priv Escalation
CVE-2023-20832 6.7 - Medium - September 04, 2023

Memory Corruption

gps OOB Write Enables Local Priv Esc (System)
CVE-2023-20831 6.7 - Medium - September 04, 2023

Memory Corruption

Local Priv Esc via OOB Write in GPS Firmware
CVE-2023-20829 6.7 - Medium - September 04, 2023

Memory Corruption

Out-of-Bounds Write in GPS Device Enables Local Priv Escalation (CVE-2023-20828)
CVE-2023-20828 6.7 - Medium - September 04, 2023

Memory Corruption

Local PrivEsc via OOB Write in ALPS nvram
CVE-2023-20821 6.7 - Medium - September 04, 2023

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.

Memory Corruption

Use-After-Free in Camsys Causing Local Privilege Escalation
CVE-2023-20835 6.4 - Medium - September 04, 2023

In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.

Race Condition

GNSS Service OOB Write LvL Priv Escalation
CVE-2023-32812 6.7 - Medium - September 04, 2023

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.

Memory Corruption

Dell Windows driver imgsys_cmdq LPE via OOB read
CVE-2023-20848 6.5 - Medium - September 04, 2023

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Linux Foundation Yocto or by Linux Foundation? Click the Watch button to subscribe.

Linux Foundation
Vendor

Linux Foundation Yocto
Product

Linux Foundation Yocto

Don't miss out!

By the Year

Recent Linux Foundation Yocto Security Vulnerabilities

Android Device Admin API OOB Write LPE via Physical Access CVE-2025-20696 - August 04, 2025

Out-of-Bounds Read in Alps WLAN STA Driver Causing Info Disclosure CVE-2025-20693 - July 08, 2025

CVE-2025-20656: OOB Write in DA Enables Physical Local Priv Esc Escalation CVE-2025-20656 - April 07, 2025

Local Info Disclosure via OOB Read in 'da' Component CVE-2025-20651 - March 03, 2025

Local Priv Esc via OOB Write in ALPS Driver (CVE-2025-20650) CVE-2025-20650 - March 03, 2025

V6 DA OOB Write: Local Priv Escalation via Physical Access CVE-2025-20635 6.6 - Medium - February 03, 2025

MediaTek BT FW reachable assertion leads to remote DoS CVE-2024-20147 - February 03, 2025

Microsoft Windows PowerShell OOB Write Escalation CVE-2024-20140 - January 06, 2025

V6 DA Driver OOB Write Enables Local Priv Escalation CVE-2024-20143 - January 06, 2025

ALPS V6 DA OOB Write for Local Priv Escalation CVE-2024-20144 - January 06, 2025

V6 DA OOB Write Enables Local Priv Escalation CVE-2024-20145 - January 06, 2025

WCNCR WLAN STA Driver OOB Write Remote Code Exec CVE-2024-20146 - January 06, 2025

OOB write in WLAN STA firmware remote code execution (CVE202420148) CVE-2024-20148 - January 06, 2025

Microsoft WLAN Driver Assertion Failure DoS via Improper Exception Handling CVE-2024-20152 - January 06, 2025

Da Out of Bounds Read Vulnerability in Memory Management CVE-2024-20107 - November 04, 2024

MediaTek Da Out-of-Bounds Write Vulnerability CVE-2024-20104 - November 04, 2024

Power component OOB write triggers local privilege escalation on Windows CVE-2024-20099 - October 07, 2024

Microsoft PowerShell OOB Write LPE CVE-2024-20098 CVE-2024-20098 - October 07, 2024

Windows Power OOB Read Local Info Disclosure (Requires SYSTEM) CVE-2024-20085 4.4 - Medium - September 02, 2024

Microsoft Windows WLAN Remote DoS via Error Handling CVE-2024-20089 7.5 - High - September 02, 2024

MS Windows PowerShell OOB Read for Local Info Disclosure CVE-2024-20084 4.4 - Medium - September 02, 2024

Android GNSS Service Escalation via Improper Cert Validation CVE-2024-20080 - July 01, 2024

Android GNSS Service OOB Write Local Priv Escalation CVE-2024-20081 6.7 - Medium - July 01, 2024

MS Windows Device Administration Permission Bypass Local Priv Escalation CVE-2023-32871 - May 06, 2024

Remote OOB Write in MediaTek MT6XXX/MT79XX WLAN Firmware CVE-2024-20040 - April 01, 2024

FlashC Uncaught Exception Enables Local Info Disclosure (CVE-2024-20049) CVE-2024-20049 - April 01, 2024

CVE-2024-20050: flashc Local Info Disclosure via Uncaught Exception CVE-2024-20050 - April 01, 2024

Local DoS via uncaught exception in flashc CVE-2024-20051 - April 01, 2024

ALPS FlashC Local Info Disclosure via Uncaught Exception CVE-2024-20052 - April 01, 2024

flashc OOB Write in Uncaught Exception Leads to Local Priv Escalation CVE-2024-20053 - April 01, 2024

CVE-2024-20054: GNSSe EtP via Missing Bounds Check CVE-2024-20054 - April 01, 2024

Windows imgsys Local Info Disclosure via Bounds Check CVE-2024-20055 - April 01, 2024

flashc OOB Write Escalation (local, SYSTEM) CVE-2024-20023 - March 04, 2024

Linux Kernel ELSEC via Missing Bounds Check CVE-2024-20022 6.7 - Medium - March 04, 2024

Yocto Bitbake Toaster RCE via Crafted HTTP (before 2.6.2, Yocto 4.3.1) CVE-2024-25626 9.8 - Critical - February 19, 2024

Apusys Integer Overflow OOB Write Leading to Local Escalation CVE-2023-32829 6.7 - Medium - October 02, 2023

WLAN Firmware Remote DoS via Improper Input Handling CVE-2023-32820 7.5 - High - October 02, 2023

GPS OOB Write Local Escalation (CVE-2023-20830) CVE-2023-20830 6.7 - Medium - September 04, 2023

imgsys OOB read/write for local privilege escalation CVE-2023-20840 6.5 - Medium - September 04, 2023

CVE-2023-32811: OOB Write Connectivity Driver Leads to Local Priv Escalation CVE-2023-32811 6.7 - Medium - September 04, 2023

Android Kernel OOB Write in imgsys_cmdq Enables Loc Priv Esc (User Interaction) CVE-2023-20850 6.5 - Medium - September 04, 2023

Use-after-Free in imgsys_cmdq leads to local privilege escalation (ALPS) CVE-2023-20849 6.5 - Medium - September 04, 2023

Android GPS OOB Write: Local Priv Escalation CVE-2023-20832 6.7 - Medium - September 04, 2023

gps OOB Write Enables Local Priv Esc (System) CVE-2023-20831 6.7 - Medium - September 04, 2023

Local Priv Esc via OOB Write in GPS Firmware CVE-2023-20829 6.7 - Medium - September 04, 2023

Out-of-Bounds Write in GPS Device Enables Local Priv Escalation (CVE-2023-20828) CVE-2023-20828 6.7 - Medium - September 04, 2023

Local PrivEsc via OOB Write in ALPS nvram CVE-2023-20821 6.7 - Medium - September 04, 2023

Use-After-Free in Camsys Causing Local Privilege Escalation CVE-2023-20835 6.4 - Medium - September 04, 2023

GNSS Service OOB Write LvL Priv Escalation CVE-2023-32812 6.7 - Medium - September 04, 2023

Dell Windows driver imgsys_cmdq LPE via OOB read CVE-2023-20848 6.5 - Medium - September 04, 2023

Stay on top of Security Vulnerabilities

Linux Foundation Vendor

Linux Foundation YoctoProduct

Android Device Admin API OOB Write LPE via Physical Access
CVE-2025-20696 - August 04, 2025

Out-of-Bounds Read in Alps WLAN STA Driver Causing Info Disclosure
CVE-2025-20693 - July 08, 2025

CVE-2025-20656: OOB Write in DA Enables Physical Local Priv Esc Escalation
CVE-2025-20656 - April 07, 2025

Local Info Disclosure via OOB Read in 'da' Component
CVE-2025-20651 - March 03, 2025

Local Priv Esc via OOB Write in ALPS Driver (CVE-2025-20650)
CVE-2025-20650 - March 03, 2025

V6 DA OOB Write: Local Priv Escalation via Physical Access
CVE-2025-20635 6.6 - Medium - February 03, 2025

MediaTek BT FW reachable assertion leads to remote DoS
CVE-2024-20147 - February 03, 2025

Microsoft Windows PowerShell OOB Write Escalation
CVE-2024-20140 - January 06, 2025

V6 DA Driver OOB Write Enables Local Priv Escalation
CVE-2024-20143 - January 06, 2025

ALPS V6 DA OOB Write for Local Priv Escalation
CVE-2024-20144 - January 06, 2025

V6 DA OOB Write Enables Local Priv Escalation
CVE-2024-20145 - January 06, 2025

WCNCR WLAN STA Driver OOB Write Remote Code Exec
CVE-2024-20146 - January 06, 2025

OOB write in WLAN STA firmware remote code execution (CVE202420148)
CVE-2024-20148 - January 06, 2025

Microsoft WLAN Driver Assertion Failure DoS via Improper Exception Handling
CVE-2024-20152 - January 06, 2025

Da Out of Bounds Read Vulnerability in Memory Management
CVE-2024-20107 - November 04, 2024

MediaTek Da Out-of-Bounds Write Vulnerability
CVE-2024-20104 - November 04, 2024

Power component OOB write triggers local privilege escalation on Windows
CVE-2024-20099 - October 07, 2024

Microsoft PowerShell OOB Write LPE CVE-2024-20098
CVE-2024-20098 - October 07, 2024

Windows Power OOB Read Local Info Disclosure (Requires SYSTEM)
CVE-2024-20085 4.4 - Medium - September 02, 2024

Microsoft Windows WLAN Remote DoS via Error Handling
CVE-2024-20089 7.5 - High - September 02, 2024

MS Windows PowerShell OOB Read for Local Info Disclosure
CVE-2024-20084 4.4 - Medium - September 02, 2024

Android GNSS Service Escalation via Improper Cert Validation
CVE-2024-20080 - July 01, 2024

Android GNSS Service OOB Write Local Priv Escalation
CVE-2024-20081 6.7 - Medium - July 01, 2024

MS Windows Device Administration Permission Bypass Local Priv Escalation
CVE-2023-32871 - May 06, 2024

Remote OOB Write in MediaTek MT6XXX/MT79XX WLAN Firmware
CVE-2024-20040 - April 01, 2024

FlashC Uncaught Exception Enables Local Info Disclosure (CVE-2024-20049)
CVE-2024-20049 - April 01, 2024

CVE-2024-20050: flashc Local Info Disclosure via Uncaught Exception
CVE-2024-20050 - April 01, 2024

Local DoS via uncaught exception in flashc
CVE-2024-20051 - April 01, 2024

ALPS FlashC Local Info Disclosure via Uncaught Exception
CVE-2024-20052 - April 01, 2024

flashc OOB Write in Uncaught Exception Leads to Local Priv Escalation
CVE-2024-20053 - April 01, 2024

CVE-2024-20054: GNSSe EtP via Missing Bounds Check
CVE-2024-20054 - April 01, 2024

Windows imgsys Local Info Disclosure via Bounds Check
CVE-2024-20055 - April 01, 2024

flashc OOB Write Escalation (local, SYSTEM)
CVE-2024-20023 - March 04, 2024

Linux Kernel ELSEC via Missing Bounds Check
CVE-2024-20022 6.7 - Medium - March 04, 2024

Yocto Bitbake Toaster RCE via Crafted HTTP (before 2.6.2, Yocto 4.3.1)
CVE-2024-25626 9.8 - Critical - February 19, 2024

Apusys Integer Overflow OOB Write Leading to Local Escalation
CVE-2023-32829 6.7 - Medium - October 02, 2023

WLAN Firmware Remote DoS via Improper Input Handling
CVE-2023-32820 7.5 - High - October 02, 2023

GPS OOB Write Local Escalation (CVE-2023-20830)
CVE-2023-20830 6.7 - Medium - September 04, 2023

imgsys OOB read/write for local privilege escalation
CVE-2023-20840 6.5 - Medium - September 04, 2023

CVE-2023-32811: OOB Write Connectivity Driver Leads to Local Priv Escalation
CVE-2023-32811 6.7 - Medium - September 04, 2023

Android Kernel OOB Write in imgsys_cmdq Enables Loc Priv Esc (User Interaction)
CVE-2023-20850 6.5 - Medium - September 04, 2023

Use-after-Free in imgsys_cmdq leads to local privilege escalation (ALPS)
CVE-2023-20849 6.5 - Medium - September 04, 2023

Android GPS OOB Write: Local Priv Escalation
CVE-2023-20832 6.7 - Medium - September 04, 2023

gps OOB Write Enables Local Priv Esc (System)
CVE-2023-20831 6.7 - Medium - September 04, 2023

Local Priv Esc via OOB Write in GPS Firmware
CVE-2023-20829 6.7 - Medium - September 04, 2023

Out-of-Bounds Write in GPS Device Enables Local Priv Escalation (CVE-2023-20828)
CVE-2023-20828 6.7 - Medium - September 04, 2023

Local PrivEsc via OOB Write in ALPS nvram
CVE-2023-20821 6.7 - Medium - September 04, 2023

Use-After-Free in Camsys Causing Local Privilege Escalation
CVE-2023-20835 6.4 - Medium - September 04, 2023

GNSS Service OOB Write LvL Priv Escalation
CVE-2023-32812 6.7 - Medium - September 04, 2023

Dell Windows driver imgsys_cmdq LPE via OOB read
CVE-2023-20848 6.5 - Medium - September 04, 2023

Linux Foundation
Vendor

Linux Foundation Yocto
Product