Version Android 12.0

CVE-2024-20021

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.

MEDIUM CVSS 6.7 Published May 06, 2024

CVE-2024-20058

In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204.

MEDIUM CVSS 4.4 Published May 06, 2024

CVE-2023-20848

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.

UNKNOWN CVSS 6.5 Published Sep 04, 2023

CVE-2023-20835

In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.

UNKNOWN CVSS 6.4 Published Sep 04, 2023

CVE-2023-20834

In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.

UNKNOWN CVSS 6.4 Published Sep 04, 2023