CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-20121 862 2022-05-10 2022-05-17
2.1
None Local Low Not required Partial None None
In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A
2 CVE-2022-20120 2022-05-10 2022-05-17
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A
3 CVE-2022-20119 908 2022-05-10 2022-05-17
2.1
None Local Low Not required Partial None None
In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A
4 CVE-2022-20118 362 2022-05-10 2022-05-17
6.9
None Local Medium Not required Complete Complete Complete
In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A
5 CVE-2022-20117 327 2022-05-10 2022-05-17
2.1
None Local Low Not required Partial None None
In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A
6 CVE-2022-20009 787 2022-05-10 2022-05-16
7.2
None Local Low Not required Complete Complete Complete
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel
7 CVE-2022-20008 908 2022-05-10 2022-05-16
2.1
None Local Low Not required Partial None None
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel
8 CVE-2021-39814 787 2022-04-12 2022-04-20
7.2
None Local Low Not required Complete Complete Complete
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A
9 CVE-2021-39812 416 2022-04-12 2022-04-20
7.2
None Local Low Not required Complete Complete Complete
In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205522359References: N/A
10 CVE-2021-39802 269 Bypass 2022-04-12 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel
11 CVE-2021-39801 416 2022-04-12 2022-04-18
7.2
None Local Low Not required Complete Complete Complete
In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel
12 CVE-2021-39800 416 +Info 2022-04-12 2022-04-18
2.1
None Local Low Not required Partial None None
In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208277166References: Upstream kernel
13 CVE-2021-39793 787 Exec Code 2022-03-16 2022-03-23
7.2
None Local Low Not required Complete Complete Complete
In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A
14 CVE-2021-39792 362 2022-03-16 2022-03-23
1.9
None Local Medium Not required Partial None None
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel
15 CVE-2021-39737 2022-03-16 2022-03-23
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A
16 CVE-2021-39736 787 Overflow 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A
17 CVE-2021-39735 362 Mem. Corr. 2022-03-16 2022-03-23
4.4
None Local Medium Not required Partial Partial Partial
In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A
18 CVE-2021-39734 276 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A
19 CVE-2021-39733 787 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206128522References: N/A
20 CVE-2021-39732 787 Overflow 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205992503References: N/A
21 CVE-2021-39731 787 Exec Code 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205036834References: N/A
22 CVE-2021-39730 125 2022-03-16 2022-03-23
2.1
None Local Low Not required Partial None None
In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206472503References: N/A
23 CVE-2021-39729 787 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/A
24 CVE-2021-39727 362 2022-03-16 2022-03-23
1.9
None Local Medium Not required Partial None None
In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A
25 CVE-2021-39726 125 Exec Code 2022-03-16 2022-03-23
5.0
None Remote Low Not required Partial None None
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-181782896References: N/A
26 CVE-2021-39725 415 Mem. Corr. 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/A
27 CVE-2021-39724 125 2022-03-16 2022-03-22
2.1
None Local Low Not required Partial None None
In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205753190References: N/A
28 CVE-2021-39723 2022-03-16 2022-03-22
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-209014813References: N/A
29 CVE-2021-39722 125 Exec Code 2022-03-16 2022-03-22
2.1
None Local Low Not required Partial None None
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204585345References: N/A
30 CVE-2021-39721 787 Mem. Corr. 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A
31 CVE-2021-39720 2022-03-16 2022-03-23
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A
32 CVE-2021-39719 787 Overflow 2022-03-16 2022-03-22
4.6
None Local Low Not required Partial Partial Partial
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A
33 CVE-2021-39718 787 Exec Code 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205035540References: N/A
34 CVE-2021-39717 125 2022-03-16 2022-03-23
2.1
None Local Low Not required Partial None None
In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198653629References: N/A
35 CVE-2021-39716 2022-03-16 2022-03-22
5.0
None Remote Low Not required Partial None None
Product: AndroidVersions: Android kernelAndroid ID: A-206977562References: N/A
36 CVE-2021-39715 668 +Info 2022-03-16 2022-03-23
2.1
None Local Low Not required Partial None None
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel
37 CVE-2021-39714 190 Overflow 2022-03-16 2022-03-23
4.6
None Local Low Not required Partial Partial Partial
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel
38 CVE-2021-39713 2022-03-16 2022-03-22
7.5
None Remote Low Not required Partial Partial Partial
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
39 CVE-2021-39712 416 2022-03-16 2022-03-23
4.4
None Local Medium Not required Partial Partial Partial
In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A
40 CVE-2021-39711 125 2022-03-16 2022-03-23
2.1
None Local Low Not required Partial None None
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel
41 CVE-2021-39710 2022-03-16 2022-03-23
10.0
None Remote Low Not required Complete Complete Complete
Product: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A
42 CVE-2021-39698 416 Mem. Corr. 2022-03-16 2022-03-23
7.2
None Local Low Not required Complete Complete Complete
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel
43 CVE-2021-39688 2022-02-11 2022-02-18
2.1
None Local Low Not required Partial None None
In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/A
44 CVE-2021-39687 125 Overflow 2022-02-11 2022-02-18
2.1
None Local Low Not required Partial None None
In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204421047References: N/A
45 CVE-2021-39686 269 2022-03-16 2022-03-23
6.9
None Local Medium Not required Complete Complete Complete
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel
46 CVE-2021-39685 787 2022-03-16 2022-03-23
7.2
None Local Low Not required Complete Complete Complete
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel
47 CVE-2021-39684 269 Exec Code 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-203250788References: N/A
48 CVE-2021-39683 787 2022-01-14 2022-01-19
7.2
None Local Low Not required Complete Complete Complete
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A
49 CVE-2021-39682 787 2022-01-14 2022-01-20
7.2
None Local Low Not required Complete Complete Complete
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-201677538References: N/A
50 CVE-2021-39681 416 Exec Code 2022-01-14 2022-01-19
4.6
None Local Low Not required Partial Partial Partial
In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200251074References: N/A
Total number of vulnerabilities : 837   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.