Google: >> Android >> 9.0 Security Vulnerabilities
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-192472262
CVSS Score
8.1
EPSS Score
0.009
Published
2021-10-22
In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-67013844
CVSS Score
5.5
EPSS Score
0.0
Published
2021-10-22
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956
CVSS Score
7.3
EPSS Score
0.0
Published
2021-10-11
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
CVSS Score
4.4
EPSS Score
0.002
Published
2021-10-06
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
CVSS Score
7.2
EPSS Score
0.002
Published
2021-10-06
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
CVSS Score
7.2
EPSS Score
0.002
Published
2021-10-06
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.
CVSS Score
4.4
EPSS Score
0.003
Published
2021-10-06
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
CVSS Score
6.4
EPSS Score
0.0
Published
2021-10-06
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
CVSS Score
4.0
EPSS Score
0.001
Published
2021-10-06
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
CVSS Score
2.5
EPSS Score
0.0
Published
2021-10-06