| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-20121 |
862 |
|
|
2022-05-10 |
2022-05-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A |
|
2 |
CVE-2022-20120 |
|
|
|
2022-05-10 |
2022-05-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A |
|
3 |
CVE-2022-20119 |
908 |
|
|
2022-05-10 |
2022-05-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A |
|
4 |
CVE-2022-20118 |
362 |
|
|
2022-05-10 |
2022-05-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A |
|
5 |
CVE-2022-20117 |
327 |
|
|
2022-05-10 |
2022-05-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A |
|
6 |
CVE-2022-20009 |
787 |
|
|
2022-05-10 |
2022-05-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel |
|
7 |
CVE-2022-20008 |
908 |
|
|
2022-05-10 |
2022-05-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel |
|
8 |
CVE-2021-39814 |
787 |
|
|
2022-04-12 |
2022-04-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A |
|
9 |
CVE-2021-39812 |
416 |
|
|
2022-04-12 |
2022-04-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205522359References: N/A |
|
10 |
CVE-2021-39802 |
269 |
|
Bypass |
2022-04-12 |
2022-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel |
|
11 |
CVE-2021-39801 |
416 |
|
|
2022-04-12 |
2022-04-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel |
|
12 |
CVE-2021-39800 |
416 |
|
+Info |
2022-04-12 |
2022-04-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208277166References: Upstream kernel |
|
13 |
CVE-2021-39793 |
787 |
|
Exec Code |
2022-03-16 |
2022-03-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A |
|
14 |
CVE-2021-39792 |
362 |
|
|
2022-03-16 |
2022-03-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel |
|
15 |
CVE-2021-39737 |
|
|
|
2022-03-16 |
2022-03-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A |
|
16 |
CVE-2021-39736 |
787 |
|
Overflow |
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A |
|
17 |
CVE-2021-39735 |
362 |
|
Mem. Corr. |
2022-03-16 |
2022-03-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A |
|
18 |
CVE-2021-39734 |
276 |
|
|
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A |
|
19 |
CVE-2021-39733 |
787 |
|
|
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206128522References: N/A |
|
20 |
CVE-2021-39732 |
787 |
|
Overflow |
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205992503References: N/A |
|
21 |
CVE-2021-39731 |
787 |
|
Exec Code |
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205036834References: N/A |
|
22 |
CVE-2021-39730 |
125 |
|
|
2022-03-16 |
2022-03-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206472503References: N/A |
|
23 |
CVE-2021-39729 |
787 |
|
|
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/A |
|
24 |
CVE-2021-39727 |
362 |
|
|
2022-03-16 |
2022-03-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A |
|
25 |
CVE-2021-39726 |
125 |
|
Exec Code |
2022-03-16 |
2022-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-181782896References: N/A |
|
26 |
CVE-2021-39725 |
415 |
|
Mem. Corr. |
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/A |
|
27 |
CVE-2021-39724 |
125 |
|
|
2022-03-16 |
2022-03-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205753190References: N/A |
|
28 |
CVE-2021-39723 |
|
|
|
2022-03-16 |
2022-03-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A |
|
29 |
CVE-2021-39722 |
125 |
|
Exec Code |
2022-03-16 |
2022-03-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204585345References: N/A |
|
30 |
CVE-2021-39721 |
787 |
|
Mem. Corr. |
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A |
|
31 |
CVE-2021-39720 |
|
|
|
2022-03-16 |
2022-03-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A |
|
32 |
CVE-2021-39719 |
787 |
|
Overflow |
2022-03-16 |
2022-03-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A |
|
33 |
CVE-2021-39718 |
787 |
|
Exec Code |
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205035540References: N/A |
|
34 |
CVE-2021-39717 |
125 |
|
|
2022-03-16 |
2022-03-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198653629References: N/A |
|
35 |
CVE-2021-39716 |
|
|
|
2022-03-16 |
2022-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: AndroidVersions: Android kernelAndroid ID: A-206977562References: N/A |
|
36 |
CVE-2021-39715 |
668 |
|
+Info |
2022-03-16 |
2022-03-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel |
|
37 |
CVE-2021-39714 |
190 |
|
Overflow |
2022-03-16 |
2022-03-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel |
|
38 |
CVE-2021-39713 |
|
|
|
2022-03-16 |
2022-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel |
|
39 |
CVE-2021-39712 |
416 |
|
|
2022-03-16 |
2022-03-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A |
|
40 |
CVE-2021-39711 |
125 |
|
|
2022-03-16 |
2022-03-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel |
|
41 |
CVE-2021-39710 |
|
|
|
2022-03-16 |
2022-03-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Product: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A |
|
42 |
CVE-2021-39698 |
416 |
|
Mem. Corr. |
2022-03-16 |
2022-03-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel |
|
43 |
CVE-2021-39688 |
|
|
|
2022-02-11 |
2022-02-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/A |
|
44 |
CVE-2021-39687 |
125 |
|
Overflow |
2022-02-11 |
2022-02-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204421047References: N/A |
|
45 |
CVE-2021-39686 |
269 |
|
|
2022-03-16 |
2022-03-23 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel |
|
46 |
CVE-2021-39685 |
787 |
|
|
2022-03-16 |
2022-03-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel |
|
47 |
CVE-2021-39684 |
269 |
|
Exec Code |
2022-01-14 |
2022-01-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A |
|
48 |
CVE-2021-39683 |
787 |
|
|
2022-01-14 |
2022-01-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A |
|
49 |
CVE-2021-39682 |
787 |
|
|
2022-01-14 |
2022-01-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A |
|
50 |
CVE-2021-39681 |
416 |
|
Exec Code |
2022-01-14 |
2022-01-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A |
