CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-22272 863 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
2 CVE-2022-22271 20 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
3 CVE-2022-22270 552 2022-01-10 2022-01-14
4.3
None Remote Medium Not required Partial None None
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
4 CVE-2022-22269 552 2022-01-10 2022-01-15
2.1
None Local Low Not required Partial None None
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
5 CVE-2022-22268 552 2022-01-10 2022-01-14
3.6
None Local Low Not required Partial Partial None
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
6 CVE-2022-22267 552 2022-01-10 2022-01-14
2.1
None Local Low Not required Partial None None
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
7 CVE-2022-22266 269 2022-01-10 2022-01-14
2.1
None Local Low Not required Partial None None
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
8 CVE-2022-22264 20 2022-01-10 2022-01-14
3.6
None Local Low Not required Partial Partial None
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
9 CVE-2022-22263 269 2022-01-10 2022-01-14
2.1
None Local Low Not required None Partial None
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
10 CVE-2021-39684 269 Exec Code 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A
11 CVE-2021-39683 787 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A
12 CVE-2021-39682 787 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A
13 CVE-2021-39681 416 Exec Code 2022-01-14 2022-01-19
4.6
None Local Low Not required Partial Partial Partial
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A
14 CVE-2021-39680 908 2022-01-14 2022-01-19
2.1
None Local Low Not required Partial None None
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-197965864References: N/A
15 CVE-2021-39679 362 2022-01-14 2022-01-20
6.9
None Local Medium Not required Complete Complete Complete
In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188745089References: N/A
16 CVE-2021-39678 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171742549References: N/A
17 CVE-2021-39659 755 DoS 2022-01-14 2022-01-20
4.7
None Local Medium Not required None None Complete
In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-208267659
18 CVE-2021-39657 125 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel
19 CVE-2021-39656 416 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel
20 CVE-2021-39655 269 2021-12-15 2021-12-20
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A
21 CVE-2021-39653 269 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193443223References: N/A
22 CVE-2021-39652 787 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A
23 CVE-2021-39651 276 Bypass 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193438173References: N/A
24 CVE-2021-39650 787 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055References: N/A
25 CVE-2021-39649 416 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A
26 CVE-2021-39648 668 2021-12-15 2021-12-20
1.9
None Local Medium Not required Partial None None
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel
27 CVE-2021-39647 667 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198713939References: N/A
28 CVE-2021-39646 668 2021-12-15 2021-12-17
5.0
None Remote Low Not required Partial None None
Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A
29 CVE-2021-39645 269 2021-12-15 2021-12-17
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A
30 CVE-2021-39644 269 2021-12-15 2021-12-17
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A
31 CVE-2021-39643 269 Bypass 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195573629References: N/A
32 CVE-2021-39642 362 2021-12-15 2021-12-20
4.4
None Local Medium Not required Partial Partial Partial
In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A
33 CVE-2021-39641 269 2021-12-15 2021-12-20
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A
34 CVE-2021-39640 787 2021-12-15 2021-12-20
7.2
None Local Low Not required Complete Complete Complete
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A
35 CVE-2021-39639 276 2021-12-15 2021-12-20
7.2
None Local Low Not required Complete Complete Complete
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198291476References: N/A
36 CVE-2021-39638 416 2021-12-15 2021-12-20
4.6
None Local Low Not required Partial Partial Partial
In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A
37 CVE-2021-39637 125 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193579873References: N/A
38 CVE-2021-39636 909 +Info 2021-12-15 2021-12-20
2.1
None Local Low Not required Partial None None
In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel
39 CVE-2021-39634 416 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel
40 CVE-2021-39633 668 2022-01-14 2022-01-19
2.1
None Local Low Not required Partial None None
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel
41 CVE-2021-39632 787 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709
42 CVE-2021-39630 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202768292
43 CVE-2021-39629 362 2022-01-14 2022-01-18
6.9
None Local Medium Not required Complete Complete Complete
In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197353344
44 CVE-2021-39628 668 Exec Code 2022-01-14 2022-01-15
2.1
None Local Low Not required Partial None None
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-189575031
45 CVE-2021-39627 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126549
46 CVE-2021-39626 610 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695497
47 CVE-2021-39625 269 +Priv 2022-01-14 2022-01-15
6.9
None Local Medium Not required Complete Complete Complete
In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194695347
48 CVE-2021-39623 269 2022-01-14 2022-01-15
10.0
None Remote Low Not required Complete Complete Complete
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348
49 CVE-2021-39622 281 Bypass 2022-01-14 2022-01-15
7.2
None Local Low Not required Complete Complete Complete
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648
50 CVE-2021-39621 269 Bypass 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319
Total number of vulnerabilities : 3865   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.