Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42507

Summary
Assigner-google_android
Assigner Org ID-baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At-16 Dec, 2022 | 00:00
Updated At-17 Apr, 2025 | 20:10
Rejected At-
Credits

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:google_android
Assigner Org ID:baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At:16 Dec, 2022 | 00:00
Updated At:17 Apr, 2025 | 20:10
Rejected At:
▼CVE Numbering Authority (CNA)

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A

Affected Products
Vendor
n/a
Product
Android
Versions
Affected
  • Android kernel
Problem Types
TypeCWE IDDescription
textN/AElevation of privilege
Type: text
CWE ID: N/A
Description: Elevation of privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/pixel/2022-12-01
N/A
Hyperlink: https://source.android.com/security/bulletin/pixel/2022-12-01
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/pixel/2022-12-01
x_transferred
Hyperlink: https://source.android.com/security/bulletin/pixel/2022-12-01
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@android.com
Published At:16 Dec, 2022 | 16:15
Updated At:17 Apr, 2025 | 21:15

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>android>>-
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://source.android.com/security/bulletin/pixel/2022-12-01security@android.com
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2022-12-01af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://source.android.com/security/bulletin/pixel/2022-12-01
Source: security@android.com
Resource:
Vendor Advisory
Hyperlink: https://source.android.com/security/bulletin/pixel/2022-12-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2503Records found
CVE-2023-20754
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-04 Dec, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6757cdmt6879mt6873mt6893mt8765mt6580mt6886mt8788mt8791tmt6983mt8666mt6765mt6757cmt6891mt6737mt6883mt6853tmt6835mt6739mt6757mt8768mt8789mt6769mt6761mt6875mt6889mt8797mt8321mt6768mt8781mt8766mt8786mt6985mt6771mt8385mt6833mt6885mt6735mt6753mt6762mt6877mt6781mt6853mt8667mt6895mt6789androidmt6757chmt8185mt8791mt6779mt6785mt6731mt6763MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21078
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.56%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-21 Feb, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254840211References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20653
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG-0.02%
Published-06 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6769mt8788mt6853mt6891mt8192mt6895mt6983mt8871mt6757cdmt8185mt8786mt6889mt6873mt6737mt8766mt8765mt6739mt6833mt8891mt6765mt8385mt6883mt6753mt6789mt8771mt6785mt6735mt6731mt6855mt6877mt8781mt6771mt6580mt6853tmt8795tmt8321mt8667mt8789mt6779mt6762mt6885mt6757mt8666mt6768mt6781mt6879mt6893mt8768mt8675mt6763mt8791mt8791tandroidmt8797mt6757chmt6875mt8798mt6761mt8673mt6757cMT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8192, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26465
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 17:19
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558799; Issue ID: ALPS06558799.

Action-Not Available
Vendor-yoctoprojectGoogle LLCMediaTek Inc.
Product-mt6873mt6893mt6885mt8518mt6983yoctomt6877mt6781mt6853mt6883mt6895mt6853tmt8798androidmt6875mt8797mt6889mt8791mt6779mt8512amt6785mt6879MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8512A, MT8518, MT8791, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20761
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-04 Dec, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6879mt6873mt6893mt8765mt6886mt8788mt8791tmt6983mt6765mt6891mt6883mt6853tmt6835mt6739mt8768mt8789mt6769mt6761mt6875mt6889mt8797mt8321mt6768mt8781mt8766mt8786mt6985mt6771mt6833mt6885mt6762mt6877mt6781mt6853mt6895mt6789androidmt8791mt6779mt6785mt6763MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20806
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-17 Oct, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt8188androidmt8395mt8673mt6983mt8195mt2713mt6879MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673mt6895mt8188mt8395mt8673mt6983mt8195mt2713mt6879
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1122
Matching Score-10
Assigner-ChromeOS Project
ShareView Details
Matching Score-10
Assigner-ChromeOS Project
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 19:51
Updated-06 Oct, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

Action-Not Available
Vendor-Google LLC
Product-chrome_oschromeChromeOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20696
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-23 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).

Action-Not Available
Vendor-MediaTek Inc.Google LLCOpenWrt
Product-mt8791mt8766androidmt8185mt8789mt8321mt8667mt8788mt8365openwrtmt6890mt8666mt8385mt8797mt8167mt8195mt8175mt8675mt8768mt8673mt8781mt8786mt8791tmt6880mt8765mt8395MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20700
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.94%
||
7 Day CHG+0.02%
Published-15 May, 2023 | 00:00
Updated-23 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6779androidmt6891mt6879mt8789mt6877mt8788mt6883mt6885mt6762mt6769mt6889mt8797mt6781mt6768mt6833mt8195mt6893mt6765mt6785mt8768mt6875mt6789mt6853tmt8786mt6873mt6853MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20695
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-23 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).

Action-Not Available
Vendor-MediaTek Inc.Google LLCOpenWrt
Product-mt8791mt8766androidmt8185mt6980mt8789mt6985mt8321mt8667mt8788mt8365openwrtmt8395mt6890mt8666mt8385mt6990mt8797mt8167mt8195mt8175mt8675mt8768mt8673mt6835mt8786mt8781mt8791tmt6880mt8765mt6886MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20821
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.73%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-11 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.

Action-Not Available
Vendor-rdkcentralMediaTek Inc.Google LLCOpenWrtThe Linux Foundation
Product-mt6855mt6990mt8175mt6873mt6893mt8675mt2735mt8765mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt6891mt6883openwrtmt6835mt6880mt8768mt8789mt6875mt8797mt6889mt8321mt8362amt8781mt8766rdk-bmt8786mt6985mt6890mt8167smt8188mt8385mt6833mt6885mt8673yoctomt6877mt8365mt8195mt6853mt6980mt6895mt8168androidmt8185mt8791mt2713mt6879mt8173MT2713, MT2735, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797mt6855mt6990mt8175mt6873mt6893mt8675mt2735mt8765mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt6891mt6883mt6835mt6880mt8768mt8789mt6875mt8797mt6889mt8321mt8362amt8781mt8766mt8786mt6985mt6890mt8167smt8188mt8385mt6833mt6885mt8673mt6877mt8365mt8195mt6853mt6980mt6895mt8168androidmt8185mt8791mt2713mt6879mt8173
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20666
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8195mt8795tmt6895mt6983androidmt6789mt8188mt8798mt6855mt8781mt8365MT6789, MT6855, MT6895, MT6983, MT8188, MT8195, MT8365, MT8781, MT8795T, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20760
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-26 Nov, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6879mt6895androidmt6983mt8195MT6879, MT6895, MT6983, MT8195mt6879mt6895mt6983mt8195
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20715
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-07 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMediaTek Inc.The Linux Foundation
Product-mt6855mt8175mt8786mt8167smt8385mt8788mt8673mt8518mt6983mt7902yoctomt8365mt7663mt6895mt5521iot-yoctomt8168mt6789linux_kernelmt7921mt8768mt8789androidmt8797mt8362amt8791mt7668mt8532mt8781mt8766mt6879MT5221, MT6789, MT6855, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8673, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21310
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.87%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-02 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20670
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8788mt6853mt8871mt6895mt6983mt8786mt6889mt6873mt8766mt8891mt8765mt6833mt6739mt8167mt6765mt8385mt6883mt6789mt8771mt6785mt6877mt6855mt8781mt6580mt8195mt6853tmt8795tmt8188mt8321mt8789mt6779mt6885mt6879mt6768mt6781mt2715mt6893mt8768mt8675mt8791androidmt8797mt8696mt8798mt6761mt8365MT2715, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8188, MT8195, MT8321, MT8365, MT8385, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8795T, MT8797, MT8798, MT8871, MT8891
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20784
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-14 Nov, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6757cdmt6879mt6873mt6893mt8675mt8765mt6580mt6886mt8788mt8791tmt6983mt8666mt6765mt6757cmt6891mt6737mt6883mt6853tmt6835mt6739mt6757mt8768mt8789mt6769mt6761mt6875mt6889mt8797mt8321mt6768mt8781mt8766mt8786mt6985mt6771mt8385mt6833mt6885mt8673mt6735mt6753mt6762mt6877mt6781mt6853mt6895mt6789androidmt6757chmt8185mt8791mt6779mt6785mt6731mt6763MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9399
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.22%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:13
Updated-19 Dec, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20656
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG-0.04%
Published-06 Apr, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6785mt6771mt8385mt8797mt8321mt8791tmt8795tmt6879mt6877mt8788mt6883mt6895mt8789mt8781mt6855mt8786mt6893mt8798mt6983mt6781mt8771mt8766mt6779mt6768mt6833mt6873mt8765mt6889mt8768mt6853mt6789mt6765mt6885MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20659
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413.

Action-Not Available
Vendor-yoctoprojectGoogle LLCMediaTek Inc.Linux Kernel Organization, Inc
Product-androidmt8167smt8518mt7663mt8385mt7902mt8797mt8791tyoctomt6879mt6877mt8788linux_kernelmt6895mt8789mt8781mt6855mt8168mt8786mt8798mt6983mt8175mt8365mt6781mt8771mt8675mt8185mt5221mt8766mt7921mt8362amt6833mt8169mt8768mt7668mt6789mt8532MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20681
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-androidmt6983mt8797wifimt8791wifimt8795tmt8365mt6895mt8797mt8781wifimt8781mt8771mt8791mt6886mt8798mt6985mt8791tMT6886, MT6895, MT6983, MT6985, MT8365, MT8771, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8795T, MT8797, MT8797WIFI, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9392
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.22%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 17:15
Updated-19 Dec, 2024 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20757
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.91%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-04 Dec, 2024 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt6771mt6833mt6885mt6877mt6853mt6883mt6853tandroidmt6739mt8789mt8797mt6889mt6768mt6785mt8786MT6739, MT6768, MT6771, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8786, MT8789, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20814
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.46%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:22
Updated-22 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453560; Issue ID: ALPS07453560.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6580mt6886mt6885mt6983mt6877mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6739androidmt6875mt6761mt6889mt6768mt6779mt6879MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985mt6855mt6985mt6873mt6893mt6833mt6580mt6886mt6885mt6983mt6877mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6739androidmt6875mt6761mt6889mt6768mt6779mt6879
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21072
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.56%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290781References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21222
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.44%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In load_dt_data of storage.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-266977723References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20766
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-04 Dec, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6879mt8175mt6873mt6893mt8675mt8765mt6580mt6886mt8788mt8791tmt6983mt8666mt8167mt6765mt6891mt6853tmt6739mt6757mt8768mt8789mt6769mt6761mt6875mt8797mt8321mt6768mt8362amt8781mt8766mt8786mt6985mt6771mt8385mt6833mt6735mt6753mt6762mt6877mt6781mt8365mt6853mt8667mt6895mt8168mt6789androidmt8185mt8791mt6779mt6785mt6763mt8173MT6580, MT6735, MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6886, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20811
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:22
Updated-04 Dec, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

Action-Not Available
Vendor-Google LLCMediaTek Inc.Linux Kernel Organization, Inc
Product-mt9631mt9011mt9688mt9615mt9022mt9030mt9012mt5695mt9667mt9221mt9617mt5221mt9031mt9216mt9618mt9636mt9653mt9611mt9021mt5583mt9222mt9652mt9629mt9218mt9639mt9266mt9255mt9269mt9016mt9256mt9610mt9612mt9638mt9220mt9675mt9288mt9666mt9669mt9650mt9286mt9632mt9671mt9020mt9685mt9613mt9010mt9602linux_kernelmt9032androidmt9686mt9630mt5691mt9649MT5221, MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9666, MT9667, MT9669, MT9671, MT9675, MT9685, MT9686, MT9688
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20783
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-14 Nov, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6757cdmt6879mt6873mt6893mt8675mt8765mt6580mt6886mt8788mt8791tmt6983mt8666mt6765mt6757cmt6891mt6737mt6883mt6853tmt6835mt6739mt6757mt8768mt8789mt6769mt6761mt6875mt6889mt8797mt8321mt6768mt8781mt8766mt8786mt6985mt6771mt8385mt6833mt6885mt8673mt6735mt6753mt6762mt6877mt6781mt6853mt6895mt6789androidmt6757chmt8185mt8791mt6779mt6785mt6731mt6763MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20735
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.15%
||
7 Day CHG-0.01%
Published-06 Jun, 2023 | 12:11
Updated-08 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt8175mt6873mt6893mt5838mt5696mt8395mt8791tmt5836mt9649mt6891mt6883mt9000mt9653mt9015mt9618mt6853tmt9023mt8789mt6769mt6875mt8797mt6889mt9687mt6768mt9952mt8781mt8786mt6833mt6885mt8673yoctomt9902mt6877mt6781mt8365mt8195mt6853mt9932iot-yoctomt8168mt6789androidmt9972mt9679mt9689mt6779mt6785mt9982mt9025MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20732
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.15%
||
7 Day CHG-0.01%
Published-06 Jun, 2023 | 12:11
Updated-08 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6855mt8175mt6873mt6893mt6886mt8788mt6983mt7902mt8666mt8167mt6765mt7663mt6891mt6883mt7921mt6835mt6769mt6761mt6875mt6889mt8362amt6768mt8781mt6985mt8695mt8167smt8385mt6833mt6885mt8518yoctomt6877mt6762mt6781mt8365mt8195mt6853mt6895mt6789androidmt6779mt6785mt7668mt8532mt6879mt8173MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20626
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt6893mt8768androidmt6768mt6781mt6889mt6833mt6873mt6739mt6765mt8766mt6761mt6883mt8797mt6885mt6779mt8791mt6877mt8667mt8675mt8765mt6771mt8666mt8789mt8785mt6785MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8785, MT8789, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20822
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.73%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-11 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt8175mt6893mt8167smt8168androidmt6885mt6889mt8362amt8195zmt8167mt8195mt6891mt6883MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8195Z, MT8362Amt6895mt8175mt6893mt8167smt8168androidmt6885mt6889mt8362amt8195zmt8167mt8195mt6891mt6883
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21076
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.56%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-20 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createTransmitFollowupRequest of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857623References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20786
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-04 Dec, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8175mt6873mt6893mt6580mt6886mt6983mt8167mt6765mt6883mt6835mt6739mt6761mt2713mt6889mt8362amt6768mt6985mt8167smt8188mt6833mt6885mt8673mt6877mt6781mt8365mt8195mt6853mt6895mt8168mt6789androidmt6779mt6785mt6879MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8362A, MT8365, MT8673
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20775
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.76%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-04 Dec, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410.

Action-Not Available
Vendor-MediaTek Inc.Google LLCOpenWrt
Product-mt6855mt6757cdmt6879mt6873mt6893mt6990mt6886mt6983mt8183mt6765mt6757cmt6853topenwrtmt6835mt6739mt6757mt6761mt6889mt6768mt8781mt6985mt6890mt6771mt6833mt6885mt8673mt6877mt6781mt8195mt6853mt6895mt8168mt6789androidmt6757chmt6779mt6785mt6763MT6739, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8183, MT8195, MT8673, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0662
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.91%
||
7 Day CHG~0.00%
Published-25 Oct, 2021 | 13:18
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidMT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0935
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.02%
||
7 Day CHG~0.00%
Published-25 Oct, 2021 | 13:20
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21792
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.15%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 13:56
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6853tmt6893androidmt6833mt6885mt6875mt6889mt6877mt6853mt6883MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21785
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:08
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8695mt8675mt8167smt8385mt8788mt6983mt6877mt8365mt8183mt8667mt8696mt8168mt8768mt8789androidmt8797mt8185mt8362amt8791mt8786mt8766MT6877, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39736
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.92%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-21780
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:07
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt6873mt6893mt8675mt8788mt6983mt8183mt6883mt8696mt8768mt8789mt6761mt8797mt6889mt8362amt8786mt8766mt8167smt8385mt6833mt6885mt6877mt6781mt8365mt6853mt8667mt6895mt8168androidmt8185mt8791mt6779mt6879MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21783
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:08
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt6873mt6893mt8675mt8788mt6983mt8183mt6883mt8696mt8768mt8789mt6761mt8797mt6889mt8362amt8786mt8766mt8167smt8385mt6833mt6885mt6877mt6781mt8365mt6853mt8667mt6895mt8168androidmt8185mt8791mt6779mt6879MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25475
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-3.9||LOW
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:08
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_9830exynos_980exynos_2100Samsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25518
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 5.15%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25469
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.02% / 5.67%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:07
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20576
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20580
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25396
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_2100exynos_9830exynos_980exynos_9820Samsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20509
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 50
  • 51
  • Next
Details not found