google

android

63 Versions 843 CVEs

Versions

Recent CVEs

CVE-2023-40090

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Dec 04, 2023

CVE-2023-40084

In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Dec 04, 2023

CVE-2023-40081

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Dec 04, 2023

CVE-2023-40077

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CRITICAL Dec 04, 2023

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Dec 04, 2023

CVE-2022-20531

In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Oct 30, 2023

CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Oct 30, 2023

CVE-2021-39810

In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Oct 30, 2023

CVE-2023-40131

In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Oct 27, 2023

CVE-2023-40142

In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

UNKNOWN Oct 11, 2023

android

Versions

12, 12L, 13, 14

6.0

12.0l

15.0

13, 14

14.0

sc-dev

12.0

tm-dev

androidkernel

5.1.9

12 (including 12L)

soc

12l

kernel

9.0

10.0

13.0.0

14.0.0

sc-v2-dev

2.0

6.01

7.0

android_soc

android_kernel

11.28

11.0

0

androidsoc

13.0

9

7.1.1

Android kernel

8.1.0

14

8

SoCVersion

5.0.2

13

nyc-mr2-dev

Android Kernel

11

13, 12L, 12, 11

2.3.7

6.0.

1.4.0

8.1

6.0.1

v10

Android SoC

7

before 5.1

8.0

6

15

12L

5.1.1

4.4.4

Kernel

12

7.1.2

nyc-mr1-dev

2.3

Recent CVEs

CVE-2023-40090

CVE-2023-40084

CVE-2023-40081

CVE-2023-40077

CVE-2023-40073

CVE-2022-20531

CVE-2022-20264

CVE-2021-39810

CVE-2023-40131

CVE-2023-40142