Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-11961

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-20 Dec, 2018 | 15:00
Updated At-05 Aug, 2024 | 08:24
Rejected At-
Credits

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:20 Dec, 2018 | 15:00
Updated At:05 Aug, 2024 | 08:24
Rejected At:
▼CVE Numbering Authority (CNA)

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Android for MSM, Firefox OS for MSM, QRD Android
Versions
Affected
  • All Android releases from CAF using the Linux kernel
Problem Types
TypeCWE IDDescription
textN/ABuffer Copy Without Checking Size of Input in GPS.
Type: text
CWE ID: N/A
Description: Buffer Copy Without Checking Size of Input in GPS.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/106136
vdb-entry
x_refsource_BID
https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/106136
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/106136
vdb-entry
x_refsource_BID
x_transferred
https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/106136
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:20 Dec, 2018 | 15:29
Updated At:09 Jan, 2019 | 20:29

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Google LLC
google
>>android>>-
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/106136product-security@qualcomm.com
Third Party Advisory
VDB Entry
https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletinproduct-security@qualcomm.com
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/106136
Source: product-security@qualcomm.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
Source: product-security@qualcomm.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2588Records found
CVE-2020-11284
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 5.38%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:10
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qca6431_firmwareqfs2530wcd9360_firmwarepm6125qbt2000_firmwarewcn3950_firmwarepm8150aqtc800hsdr8250_firmwareqcs2290pm8998_firmwaresmr546_firmwarewtr5975_firmwaresd8csdr425_firmwarewcn3998smr526_firmwarewcn3950sm4125qpa5460pm640a_firmwarewgr7640_firmwareqsw8574_firmwaresd460_firmwareqca6574au_firmwareqpa4360_firmwarewcd9375_firmwarewcn3998_firmwareqbt2000pm855pqca6420wcd9360pm6150awhs9410_firmwaresdr735gqpa5460_firmwarewcn3999pm8150bsd662_firmwareqcs405qca6430qat3522wcd9340sdm830_firmwareqca6436sdr660sa6155pqpa6560sdr865wcd9341smr545qca6431sd870_firmwarepmm855au_firmwarewcn3910_firmwarepm6350qtc800ssd855_firmwareqet6105wcn3988wtr3925pm640p_firmwaresa8195p_firmwaresmb1390pm6150lsd8885gpm855l_firmwareqtc410swcd9380_firmwarewcn3991smb1355sdr735g_firmwarewgr7640qet5100pm8150l_firmwaresdx55m_firmwarepm8005_firmwaresdxr25gpm6150qet4101_firmwaresmb1354_firmwarepm7250bwcd9380smb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwarepm855p_firmwaresdr735sdx24_firmwaresmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcn3980qat3522_firmwaresdxr25g_firmwarewcd9340_firmwarewsa8815wcn3910qca6426_firmwarepm8350_firmwareqca9984pm8009wcn3980_firmwaresdx55mqca6421_firmwarepm8008qtm525_firmwareqsw8574pmi8998pm855lqpa6560_firmwaresd8655gpm8150b_firmwaresmr545_firmwarepm8009_firmwarepm4250_firmwareqfs2580_firmwareqcm4290_firmwaresd480sd870sd8885g_firmwarepm8150lpmi8998_firmwarepm8005pm855_firmwarepm4250pm855b_firmwareqca6595_firmwareqcs405_firmwarewtr2965pm640l_firmwareqca6391_firmwarewcd9370_firmwaresdx55sd675qet4101pm855bar8035_firmwareqcm2290wcn3991_firmwarepm6125_firmwarepm4125qbt1500qcs2290_firmwarepmi632pmx24_firmwareqbt1500_firmwareqet5100_firmwareqet6100_firmwareqcs4290qet6100pmm855ausdr660gqca6420_firmwareqca6390_firmwaresmb1396wcd9370sd675_firmwarepm8350sdr425pmr525_firmwareqca6426wcn3990_firmwareqca9984_firmwarepmi632_firmwarewcd9385_firmwarewhs9410sd662sdr660g_firmwarepmk8002_firmwarepm3003asdx55_firmwarewcn3999_firmwareqca6436_firmwaresmb1354sa6155p_firmwarepm855pm8250qfs2530_firmwarewcn3988_firmwarepmx55pm8150c_firmwareqca6421sdr735_firmwaresa8195pwsa8810_firmwarepm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwarewcd9385qtc800h_firmwareqat3550_firmwarepm4125_firmwarear8035qca6390wcd9375aqt1000pmm8195auwsa8815_firmwaresmb1396_firmwaresmr525_firmwarepm8998wtr3925_firmwaresmr546pmx24qcm2290_firmwarewcn3990pmx55_firmwareqca6595sdx24pm8150cqpa4360pmk8003_firmwaresdr660_firmwaresmb1390_firmwaresmr525pm6150l_firmwarepmr525pm8150a_firmwareqtm525sd855sm4125_firmwaresd8cxpm6150a_firmwarepm6150_firmwarepm640psdr865_firmwarepm8250_firmwaresd460qca6391sd8cx_firmwaresmb1351aqt1000_firmwaresd8c_firmwarewtr2965_firmwareqcm4290pm640asdr8150sd480_firmwareqtc801spmd9655qca6574auqet6105_firmwarepm8008_firmwaresd8655g_firmwarewcd9341_firmwarewsa8810qtc410s_firmwareqat3550sdr8250pm3003a_firmwareqtc800s_firmwarepm8004pm640lpmk8002pmm8195au_firmwaresdm830Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-667
Improper Locking
CVE-2020-11165
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 05:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwaresa6150p_firmwaresm6250p_firmwareqcs610qpm5620_firmwareqdm2307qca6431_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqpa8802wcd9360_firmwareqpa8688pm6125qpm6585_firmwareqat3519qbt2000_firmwareqat5522_firmwarewcn3950_firmwarepm8150aqtc800hqdm5670sa8150p_firmwareqca6595au_firmwareqcs2290qpa5581_firmwaresa6155sdr8250_firmwarepm7150lqpa8821pm8998_firmwaresd_675_firmwareqdm5671wtr5975_firmwareqpm4650_firmwareqat3518pm456_firmwareqpa5580_firmwaresdr425_firmwarewcn3998wcd9371_firmwaresmr526_firmwarewcn3950sm4125sd720gqpa5460pm640a_firmwarewgr7640_firmwareqdm2305_firmwareqpm5670_firmwareqsw8574_firmwaresd710_firmwaresd460_firmwareqdm5652qca6574au_firmwareqpa4360_firmwareqpm8870wcd9375_firmwarewcn3998_firmwareqpm5679qbt2000sa6155_firmwarepm855pqca6420wcd9360pm6150aqpm6670_firmwarepmx50_firmwareqpa8675_firmwarewhs9410_firmwaresdr735gqpa5460_firmwarepm660_firmwarewcn3999pm8150bqdm3301_firmwareqsm7250sa8155_firmwaresd662_firmwareqcs405qca6430qat3522pmr735awcd9340sdm830_firmwaresd765gqdm2308_firmwaresdr660qca6436wcn6851sa6155pqpa6560qfs2630_firmwaresdr675_firmwaresdr865qdm5620_firmwarewcd9341qdm4643_firmwareqca6431qca6696_firmwareqln5020wcd9371qet4100_firmwaresd750gpmm855au_firmwarewcn3910_firmwaresm4350_firmwaresd_8cxsa8150pqpm5657pm6350qdm5621qtc800sqpm5875_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareqdm5650wcn3988wtr3925pm640p_firmwaresdr052sa8195p_firmwaresmb1390wcn6750_firmwareqat5516_firmwarepm6150lpm855l_firmwareqet4100qpa8686_firmwareqpm6585qtc410swcn3991wcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwarewgr7640qat5568qet5100qdm5671_firmwareqpa8801_firmwarepm8150l_firmwareqat5533_firmwaresdx55m_firmwarepm8005_firmwareqpa8673_firmwarepm6150qet4101_firmwaresmb1354_firmwaresd670_firmwareqca6574pm7250bqln4642_firmwareqfs2630qpa8842sdr052_firmwarewcd9380smb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwareqln4640qcs410pmk8350_firmwaresmb1381pm855p_firmwaresd690_5g_firmwaresdx50m_firmwaresdr735pm7250smb1395pm660lqpa8803sdx24_firmwaresmr526wtr5975qca6430_firmwarepmk8003qtc801s_firmwarewcn3980qat3522_firmwareqdm2301wcd9340_firmwarewsa8815wcn6850sd7cwcn3910qdm5621_firmwareqdm2301_firmwaresd_8c_firmwareqca6426_firmwarepm8350_firmwareqca9984pm8009wcn3980_firmwareqpa8675sd730sdr051_firmwarepm660l_firmwaresdx55mpm6250_firmwareqca6421_firmwarepm8008pm8350b_firmwareqtm525_firmwareqat3518_firmwareqsw8574pmi8998qpm5621_firmwarepm855lwcn6851_firmwareqdm5670_firmwareqpa6560_firmwareqpa8802_firmwareqln4640_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582sd670pm8009_firmwareqdm2310_firmwareqfs2580_firmwareqcm4290_firmwarepm8150lpmi8998_firmwareqcs610_firmwareqdm5677pm8005qsm8250sa6145ppm855_firmwarepmm6155aupm855b_firmwareqcs405_firmwareqpm6582_firmwarewtr2965qca6391_firmwarepm640l_firmwarewcd9370_firmwareqln4650_firmwareqat3516_firmwareqpm5875sdx55qet5100msa8155psd675qet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bar8035_firmwareqcm2290qsm8250_firmwareqpm5658_firmwareqpm5870wcn3991_firmwareqdm5652_firmwarewsa8830pmm8155au_firmwarepm660qet6110_firmwaresdr051qln5030pm6125_firmwareqcs2290_firmwareqbt1500pm4125qpa5581pmi632qpa2625_firmwarepm456sd7c_firmwarepm8350bh_firmwarepmr735b_firmwarepmx24_firmwareqbt1500_firmwareqet5100_firmwareqpm5870_firmwareqpm4621qet6100_firmwareqcs4290qet6100pmm855ausd765g_firmwareqpa8686qca6420_firmwareqca6390_firmwaresd690_5gsmb1396pm7150asd730_firmwarewcd9370sd675_firmwarepm8350qpa5461_firmwaresdr425pm8350c_firmwarepmr525_firmwareqca6426wcn3990_firmwareqca9984_firmwareqpm5641pmi632_firmwaresd_8cx_firmwarewcd9385_firmwareqdm5650_firmwaresdxr2_5g_firmwarewcd9326_firmwarewhs9410qat5516pm7250_firmwareqdm5620sd662qpa8821_firmwarepm8350bhpmk8002_firmwarepm3003asa8155qdm4650_firmwaresdx55_firmwarepmm6155au_firmwareqat5533qca6595auwcn3999_firmwaresm7250p_firmwareqca6436_firmwareqsm7250_firmwareqpm6670smb1354pm7150l_firmwareqdm2305sa6155p_firmwareqpm8820qpm4641qat5515_firmwareqln5020_firmwarepm855qpm8830_firmwaresdxr2_5gpm8250smb1398qdm4643qfs2530_firmwarewcn3988_firmwarepmx55qpm4641_firmwaresa6145p_firmwaresdr675pm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresa8195psdr735_firmwaresm6250qpm5677qat5515wsa8810_firmwaresd765_firmwarewcd9326qdm5677_firmwarepm6350_firmwarepm8004_firmwaresdr8150_firmwareqcs4290_firmwarewcd9385qtc800h_firmwareqpm5620qat3550_firmwarepmm8155auqpm4630qln5040_firmwareqca6390wcd9375sd750g_firmwareaqt1000pm4125_firmwarear8035sm6250_firmwarepmm8195auqpa8673qdm2310qln4642qln5030_firmwareqpm5677_firmwarewsa8815_firmwaresd888_5g_firmwaresmr525_firmwarepm8998wtr3925_firmwaresmb1396_firmwareqpm8820_firmwarewcn6850_firmwarewsa8835_firmwareqpm6621_firmwarepmx24qet6110qln5040qcm2290_firmwareqpm8895qpm5670wcn3990sd_675pmx55_firmwaresd865_5gpmk8350sdx24smb1398_firmwareqpm8830pm8350bqat5522qdm2307_firmwarewsa8835pm8150cpmr735bsd665_firmwareqpm5657_firmwaresd888_5gsm6250pqpa4360pmk8003_firmwaresdr660_firmwareqca6574aqpm4640_firmwaresmb1390_firmwareqdm5679_firmwarepm8350csmr525qpm4640wcn6750pm6150l_firmwarepmr525pm8150a_firmwareqet5100m_firmwareqpm4650qtm525qca6574_firmwaresd855sm4125_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765pm640pqca6574a_firmwareqpm4630_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwaresd460qca6391smb1351qpa5461aqt1000_firmwareqpm8895_firmwarewtr2965_firmwareqcm4290sdx50mpm640asdr8150qfs2608qtc801ssmb1395_firmwareqdm4650pmd9655qca6574auqpm5641_firmwaresd710sa8155p_firmwarepm8008_firmwarewcd9341_firmwareqpm6621wsa8810qtc410s_firmwarepmr735a_firmwareqat5568_firmwareqdm2308pmx50qat3550qdm5679sd_8csdr8250sd768gpm3003a_firmwareqca6696qtc800s_firmwaresm4350smb1381_firmwarepm8004pm640lpmk8002qpa2625sa6150pqpa8688_firmwarepmm8195au_firmwaresm7250psdm830sd720g_firmwareqpm4621_firmwareqcs410_firmwarepm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11237
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 07:55
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwaresm6250p_firmwareqpm5620_firmwareqca8337qdm2307qca6431_firmwareqfs2530qpm8870_firmwareqpa8802qpm6585_firmwareqat3519qbt2000_firmwareqat5522_firmwarewcn3950_firmwarepm8150aqtc800hqdm5670sdr8250_firmwareqca6595au_firmwareqpa5581_firmwarepm7150lqpa8821qdm5671qpm4650_firmwareqat3518pm456_firmwareqpa5580_firmwaresa415mwcn3998smr526_firmwarewcn3950sd720gqdm2305_firmwareqpm5670_firmwareqdm5652sd6905gqca6574au_firmwareqpm8870wcd9375_firmwarewcn3998_firmwareqpm5679qbt2000pm6150aqpa8675_firmwaresdr735gpm8150bqdm3301_firmwareqsm7250pmr735asd765gqdm2308_firmwaresdr660qca6436wcn6851qpa6560sdr675_firmwaresdr865qdm5620_firmwarewcd9341qca6431qca6696_firmwareqln5020qet4100_firmwaresd870_firmwaresd750gqpm5657pm6350qdm5621wsa8830_firmwaresd855_firmwareqdm5650wcn3988smb1390qat5516_firmwarepm6150lpm855l_firmwareqet4100qpa8686_firmwareqpm6585wcn3991qca8337_firmwarewcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwareqet5100qdm5671_firmwareqpa8801_firmwareqca6564aupm8150l_firmwareqat5533_firmwaresdx55m_firmwareqtm527_firmwaresdxr25gqpa8673_firmwarepm6150qet4101_firmwarepm7250bqln4642_firmwareqpa8842wcd9380smb1355_firmwarepm7250b_firmwareqln4640smb1381sdr735pm7250smb1395qpa8803smr526wcn3980pmk8003qtc801s_firmwaresdxr25g_firmwareqdm2301wsa8815wcn6850qdm5621_firmwareqdm2301_firmwareqca6426_firmwarepm8009wcn3980_firmwareqpa8675sd730sdx55mpm6250_firmwareqca6421_firmwarepm8008qtm525_firmwareqat3518_firmwaresd6905g_firmwaresd678_firmwareqpm5621_firmwarepm855lqln1021aq_firmwarewcn6851_firmwareqdm5670_firmwareqpa6560_firmwaresd8655gqpa8802_firmwareqln4640_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582pm8009_firmwareqdm2310_firmwareqfs2580_firmwaresd480sd870pm8150lqdm5677pm855_firmwarepm855b_firmwareqpm6582_firmwareqca6391_firmwarewcd9370_firmwareqln4650_firmwareqat3516_firmwaresdx55sd675qet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bqln1031qpm5658_firmwarewcn3991_firmwareqdm5652_firmwarewsa8830sd678qet6110_firmwareqln5030qbt1500qpa5581pmi632qpa2625_firmwarepm456csrb31024pmr735b_firmwarepmx24_firmwareqbt1500_firmwareqet5100_firmwareqet6100_firmwareqet6100sd765g_firmwareqpa8686qca6390_firmwaresmb1396sd730_firmwarepm7150awcd9370sd675_firmwarepmr525_firmwareqca6426qca6584au_firmwarewcn3990_firmwarepmi632_firmwarewcd9385_firmwareqdm5650_firmwareqat5516pm7250_firmwareqdm5620qln1021aqqpa8821_firmwarepmk8002_firmwarepm3003aqln1031_firmwaresdx55_firmwareqat5533qca6595ausm7250p_firmwareqca6436_firmwareqsm7250_firmwarepm7150l_firmwareqca6564au_firmwareqca6584auqdm2305qpm8820qat5515_firmwareqln5020_firmwarepm855qpm8830_firmwarepm8250qfs2530_firmwaresa415m_firmwarepmx55wcn3988_firmwaresdr675pm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresdr735_firmwaresm6250wsa8810_firmwareqpm5677qat5515sd765_firmwareqdm5677_firmwarepm6350_firmwaresdr8150_firmwarewcd9385qtc800h_firmwareqpm5620qln5040_firmwareqca6390wcd9375sd750g_firmwareqpa8673sm6250_firmwareqdm2310qln5030_firmwareqln4642qpm5677_firmwarewsa8815_firmwaresmb1396_firmwaresmr525_firmwarewcn6850_firmwarewsa8835_firmwareqpm8820_firmwarepmx24qet6110qln5040qpm8895qpm5670wcn3990pmx55_firmwareqtm527qpm8830qdm2307_firmwareqat5522wsa8835pm8150cpmr735bqpm5657_firmwaresm6250ppmk8003_firmwaresdr660_firmwareqca6574asmb1390_firmwareqdm5679_firmwaresmr525pm6150l_firmwarepmr525pm8150a_firmwareqpm4650qtm525qln1036aq_firmwaresd855pm6150a_firmwarepm6150_firmwaresd765qca6574a_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwareqca6391qpm8895_firmwarecsrb31024_firmwaresdr8150sd480_firmwareqln1036aqqtc801ssmb1395_firmwareqca6574aupm8008_firmwaresd8655g_firmwarewcd9341_firmwarewsa8810pmr735a_firmwareqdm2308qdm5679sdr8250sd768gpm3003a_firmwareqca6696smb1381_firmwareqpa2625pmk8002sm7250psd720g_firmwarepm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11206
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.22%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 10:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm6115_firmwaresm7250sa6150p_firmwaresm6250p_firmwareqcs610sm6125sdm640sdm845sm7250_firmwaresdx55m_firmwaresm6150psm6115p_firmwaresm7150_firmwaresm6150qcs4290sa8150p_firmwaresm7150sm6250psa6155sm8350qcs410sda640_firmwaresxr2130sdx50m_firmwareqcs6125_firmwaresm6115sm8350psm7150psda845_firmwareapq8098sm4250sm7225sda855sm6115pqsm8350_firmwareqsm8350sa8155sda660sdx55_firmwaresa6155_firmwaresda855_firmwaresm7250p_firmwaresxr2130psdx55msm6150p_firmwaresda845sm6350sm7125sdm850_firmwaresm4250p_firmwaresa6155p_firmwaresxr2130p_firmwareqsm8250_firmwaresda640qcm4290apq8098_firmwaresdx50mqcs6125msm8998_firmwaresm8350_firmwaresa8155_firmwaresdm660sm8250_firmwaresm6350_firmwaresa6145p_firmwaresc7180_firmwaresm4250_firmwaresm6250sa8155p_firmwaresa8195psdm830_firmwareqcm6125qcm4290_firmwaresa6155pqcs610_firmwareqsm8250sa6145psm8350p_firmwareqcs4290_firmwaresm8150_firmwaresxr2130_firmwaresm7150p_firmwaresm4250psc7180sda660_firmwaresa8150psm7125_firmwaresm6250_firmwaresa6150psdx55sm6150_firmwaresa8155psm8250sm8150p_firmwaremsm8998sm7225_firmwaresm8150sdm850sm7250psdm830sa8195p_firmwaresdm640_firmwareqcs410_firmwaresm6125_firmwaresm8150psdm660_firmwareqcm6125_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-20223
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.03%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 18:22
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-223578534

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-20142
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.32%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 13:02
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0408
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.32%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:05
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-156999009

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0114
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.98%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 17:10
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0440
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:51
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162627132

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0275
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.78%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:45
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0041
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-22.95% / 95.69%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:56
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

Action-Not Available
Vendor-n/aAndroidGoogle LLC
Product-androidAndroidAndroid Kernel
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0259
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:32
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0444
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:50
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2020-0010
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:53
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137014293References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0261
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.32%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 15:47
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0375
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:58
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253476

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0388
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.78%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:49
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-156123285

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0001
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 18:25
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0012
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.49%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:55
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648844

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0036
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:56
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144679405

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-0122
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.95%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 20:09
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0394
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.32%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:47
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155648639

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2020-0374
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:58
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-23428
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.74%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0266
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:58
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-111086459

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0016
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 22:07
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-0026
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.59%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 14:22
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140419401

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0011
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.82%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:55
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648045References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0391
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:54
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-158570769

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0401
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 15:28
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150857253

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-862
Missing Authorization
CVE-2020-0465
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 6.30%
||
7 Day CHG-0.00%
Published-14 Dec, 2020 | 21:51
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0466
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.02%
||
7 Day CHG-0.00%
Published-14 Dec, 2020 | 21:50
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2020-0069
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-1.08% / 77.01%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:56
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.MediaTek Inc.Google LLC
Product-jakarta-al00acornell-tl10bprinceton-al10b_firmwaremadrid-al00a_firmwareberkeley-l09yale-l21a_firmwarecolumbia-al10bcolumbia-tl00b_firmwarecolumbia-al10b_firmwarehonor_view_20paris-l29b_firmwarey6_2019_firmwaresydney-al00_firmwaresydneym-al00nova_4_firmwarehonor_20_procornell-al00a_firmwaredura-al00ahonor_8a_firmwaretony-tl00bkatyusha-al10acolumbia-tl00dhonor_view_20_firmwarenova_4columbia-tl00d_firmwaretony-al00bcornell-tl10b_firmwareparis-l29bcolumbia-l29dhonor_20_pro_firmwareberkeley-l09_firmwarehonor_8acornell-al00asydney-al00yale-al00a_firmwareprinceton-al10btony-al00b_firmwarenova_3jakarta-al00a_firmwarey6_2019sydneym-al00_firmwareyale-l21adura-al00a_firmwarekatyusha-al00ayalep-al10b_firmwarecolumbia-tl00bkatyusha-al10a_firmwaresydney-tl00_firmwaremadrid-al00asydney-tl00yale-al00acolumbia-l29d_firmwaretony-tl00b_firmwareandroidkatyusha-al00a_firmwarenova_3_firmwareyalep-al10bAndroidMultiple Chipsets
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0096
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-5.22% / 89.56%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 20:09
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0403
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 18:28
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-0165
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.63%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139532977

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0423
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-1.41% / 79.70%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:07
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-androiddebian_linuxAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2020-0082
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 18:19
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140417434

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-0434
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 18:46
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150730508

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0005
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.95%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 14:22
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-141552859

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0108
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-1.84% / 82.20%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:25
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-0257
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.93%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:32
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-156741968

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CVE-2020-0027
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.26%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 14:22
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144040966

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22068
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.66%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:51
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarewcn3991_firmwaremdm9150_firmwarewsa8830sd678sm6250p_firmwarewcn3998_firmwareqcs610qcs2290_firmwareqca8337wcd9360_firmwaresdx65csra6620qcs4290wcn3950_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155sd690_5gsd730_firmwarewcd9370csra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqca9377sa415mwcn3998wcd9371_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950sm4125sd720gwcd9326_firmwarewcn3615_firmwarewcn3660bsd662sd460_firmwaresa8155sm7315_firmwarewcn7850qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595auqca8081_firmwaresa6155_firmwaresdx12_firmwaresm7250p_firmwarewcd9375_firmwarewcn3615qca6420qca6436_firmwareapq8053_firmwareqrb5165nwcd9360qca6564au_firmwaresd680_firmwaresa6155p_firmwaresd778gwcn3999sa515m_firmwarewcn7851qrb5165_firmwareqrb5165m_firmwaresdxr2_5gsa8155_firmwaresd662_firmwaresa415m_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwarequalcomm215_firmwaresd765gsw5100sd765_firmwareqca6436sd680wcd9326sa6155pwcd9335wcn6851qca8081wcn7851_firmwareqca6174a_firmwareqcs4290_firmwarewcd9385wcd9341qca6696_firmwarewcd9371sd750gsd870_firmwarear8035qca6390sd750g_firmwareaqt1000wcd9375wcn3910_firmwaresm6250_firmwaremsm8953_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwaresd660_firmwarewcn7850_firmwarewsa8815_firmwaresa8195p_firmwarewsa8835_firmwareqca6564awcn6750_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675sw5100psd780gsd865_5gqca6564ausdx55m_firmwarewcn6856_firmwaresd888wsa8835qca6574sd665_firmwarewcd9380sd888_5gsm6250pwcn3999_firmwarequalcomm215qcs410qca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwareqca6174asm7325pqca6430_firmwarewcd9335_firmwarewcn3980sd439_firmwarewcn6750sa515mqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665wcn3910wcn6850wsa8815sd765qca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd695sd768g_firmwareqrb5165mwcn3980_firmwaresm7315sd460qca6391sd730sdx55maqt1000_firmwarewcn6740_firmwaremsm8953sdx65_firmwaresd678_firmwarear8031_firmwareqcm4290sdx50mqrb5165sd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwareqca6564a_firmwarewcd9341_firmwareqcm4290_firmwaresd480sd870wcn6855wsa8810sw5100p_firmwareqcs610_firmwaremdm9150wcn6856sa6145pwcn3680bqca6564_firmwaresd695_firmwaresd768gar8031qcs405_firmwarewcn6740qca6696qca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareapq8053sa8155pcsra6640sd675sd439sm7250psd720g_firmwaresdx12sw5100_firmwareqcs410_firmwarear8035_firmwareqcm2290Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2020-0242
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.95%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:27
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2022-22103
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.49%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:41
Updated-03 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa8540psa9000psa8540p_firmwaresa9000p_firmwareSnapdragon Auto
CWE ID-CWE-415
Double Free
CVE-2020-0081
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.66%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 18:19
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297

Action-Not Available
Vendor-n/aGoogle LLCFedora Project
Product-androidfedoraAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-415
Double Free
CVE-2020-0256
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 11.97%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:31
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-androiddebian_linuxAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0243
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.11%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 19:28
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2019-9254
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.00%
||
7 Day CHG~0.00%
Published-05 Sep, 2019 | 21:42
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 51
  • 52
  • Next
Details not found