Total
8364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32904 | 1 Google | 1 Android | 2025-03-13 | N/A | 4.7 MEDIUM |
| In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | |||||
| CVE-2024-20102 | 2 Google, Mediatek | 9 Android, Mt3605, Mt6985 and 6 more | 2025-03-13 | N/A | 4.9 MEDIUM |
| In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601. | |||||
| CVE-2024-20088 | 2 Google, Mediatek | 29 Android, Mt6765, Mt6768 and 26 more | 2025-03-13 | N/A | 4.4 MEDIUM |
| In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543. | |||||
| CVE-2024-20081 | 5 Google, Linuxfoundation, Mediatek and 2 more | 39 Android, Yocto, Mt2735 and 36 more | 2025-03-13 | N/A | 6.7 MEDIUM |
| In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412. | |||||
| CVE-2024-0052 | 1 Google | 1 Android | 2025-03-13 | N/A | 3.3 LOW |
| In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0039 | 1 Google | 1 Android | 2025-03-13 | N/A | 9.8 CRITICAL |
| In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-20129 | 2 Google, Mediatek | 47 Android, Mt6580, Mt6739 and 44 more | 2025-03-13 | N/A | 7.5 HIGH |
| In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025. | |||||
| CVE-2024-20111 | 2 Google, Mediatek | 11 Android, Mt6765, Mt6768 and 8 more | 2025-03-13 | N/A | 6.7 MEDIUM |
| In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754. | |||||
| CVE-2024-20075 | 2 Google, Mediatek | 11 Android, Mt6833, Mt6853 and 8 more | 2025-03-13 | N/A | 6.7 MEDIUM |
| In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08713302; Issue ID: MSV-1393. | |||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2025-03-13 | 4.6 MEDIUM | 5.0 MEDIUM |
| An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2024-31332 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-29779 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
| there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-20114 | 2 Google, Mediatek | 11 Android, Mt6765, Mt6768 and 8 more | 2025-03-13 | N/A | 6.7 MEDIUM |
| In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09037038; Issue ID: MSV-1714. | |||||
| CVE-2024-20079 | 2 Google, Mediatek | 30 Android, Mt6761, Mt6765 and 27 more | 2025-03-13 | N/A | 6.7 MEDIUM |
| In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491. | |||||
| CVE-2024-0019 | 1 Google | 1 Android | 2025-03-13 | N/A | 5.0 MEDIUM |
| In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-21113 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32910 | 1 Google | 1 Android | 2025-03-13 | N/A | 5.5 MEDIUM |
| In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32898 | 1 Google | 1 Android | 2025-03-13 | N/A | 4.7 MEDIUM |
| In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | |||||
| CVE-2024-20022 | 5 Google, Linuxfoundation, Mediatek and 2 more | 34 Android, Yocto, Mt2737 and 31 more | 2025-03-13 | N/A | 6.7 MEDIUM |
| In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255. | |||||
| CVE-2017-13322 | 1 Google | 1 Android | 2025-03-13 | N/A | 5.5 MEDIUM |
| In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||