Home/Product/google android
Product

google android

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-21022
all versions
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensiti
5.5MEDIUM
 CVE-2026-21021
all versions
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
6.8MEDIUM
 CVE-2026-21020
all versions
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privi
7.8HIGH
 CVE-2026-21018
all versions
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
6.7MEDIUM
 CVE-2026-21016
all versions
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive infor
5.5MEDIUM
 CVE-2026-21015
all versions
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
5.5MEDIUM
 CVE-2025-71256
all versions
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional executi
7.5HIGH
 CVE-2025-71255
all versions
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execut
7.5HIGH
 CVE-2025-71254
all versions
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execut
7.5HIGH
 CVE-2025-71253
all versions
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execut
7.5HIGH
 CVE-2025-71252
all versions
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execut
7.5HIGH
 CVE-2025-71251
all versions
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no add
7.5HIGH
 CVE-2026-0073
all versions
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the
8.8HIGH
 CVE-2026-21023
all versions
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to
5.5MEDIUM
 CVE-2026-21012
all versions
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with s
3.3LOW
 CVE-2026-21011
all versions
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypas
6.8MEDIUM
 CVE-2026-21010
all versions
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
6.6MEDIUM
 CVE-2026-21009
all versions
Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinnin
6.8MEDIUM
 CVE-2026-21008
all versions
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive informat
6.5MEDIUM
 CVE-2026-21007
all versions
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox
6.8MEDIUM
 CVE-2026-21006
all versions
Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification
2.4LOW
 CVE-2026-21003
all versions
Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to byp
6.8MEDIUM
 CVE-2026-0049
all versions
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This c
6.2MEDIUM
 CVE-2025-48651
all versions
In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input
5.5MEDIUM
 CVE-2026-20992
all versions
Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background dat
3.3LOW
 CVE-2026-20991
all versions
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial con
4.4MEDIUM
 CVE-2026-20990
all versions
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launc
8.1HIGH
 CVE-2026-20989
all versions
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use
2.4LOW
 CVE-2026-20988
all versions
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch
5.0MEDIUM
 CVE-2026-0124
all versions
There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no ad
7.8HIGH
 CVE-2026-0123
all versions
In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. Th
8.4HIGH
 CVE-2026-0122
all versions
In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution wit
8.4HIGH
 CVE-2026-0121
all versions
In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no a
2.9LOW
 CVE-2026-0120
all versions
In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with
9.8CRITICAL
 CVE-2026-0119
all versions
In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of bounds write due to memory corruption. This could lead
6.8MEDIUM
 CVE-2026-0118
all versions
In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could lead to local escalation of priv
8.4HIGH
 CVE-2026-0117
all versions
In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to l
8.4HIGH
 CVE-2026-0116
all versions
In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a missing bounds check. This could
9.8CRITICAL
 CVE-2026-0115
all versions
In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to phys
2.1LOW
 CVE-2026-0114
all versions
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with
9.8CRITICAL
 CVE-2026-0113
all versions
In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lea
9.8CRITICAL
 CVE-2026-0112
all versions
In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation o
7.4HIGH
 CVE-2026-0111
all versions
In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lea
9.8CRITICAL
 CVE-2026-0110
all versions
In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation
9.8CRITICAL
 CVE-2026-0109
all versions
In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to
7.5HIGH
 CVE-2026-0108
all versions
The register protection of the PowerVR GPU is incorrectly configured. This could lead to local information disclosure with no addi
4.0MEDIUM
 CVE-2026-0107
all versions
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could l
8.4HIGH
 CVE-2025-36920
all versions
In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This co
8.4HIGH
 CVE-2025-48611
all versions
In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local es
10.0CRITICAL
 CVE-2025-69279
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-69278
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61616
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61615
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61614
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61613
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61612
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2026-0047
all versions
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a miss
8.4HIGH
 CVE-2026-0038
all versions
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This c
8.4HIGH
 CVE-2026-0037
all versions
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local e
8.4HIGH
 CVE-2026-0035
all versions
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to
8.4HIGH
 CVE-2026-0034
all versions
In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input vali
8.4HIGH
 CVE-2026-0032
all versions
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead
7.8HIGH
 CVE-2026-0031
all versions
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to loc
8.4HIGH
 CVE-2026-0030
all versions
In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This
8.4HIGH
 CVE-2026-0029
all versions
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local esca
8.4HIGH
 CVE-2026-0028
all versions
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead t
8.4HIGH
 CVE-2026-0027
all versions
In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local esc
6.7MEDIUM
 CVE-2026-0026
all versions
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logi
7.8HIGH
 CVE-2026-0025
all versions
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This cou
8.4HIGH
 CVE-2026-0024
all versions
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due t
4.0MEDIUM
 CVE-2026-0023
all versions
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a miss
7.8HIGH
 CVE-2026-0021
all versions
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused de
8.4HIGH
 CVE-2026-0020
all versions
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions du
8.4HIGH
 CVE-2026-0017
all versions
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This
7.7HIGH
 CVE-2026-0015
all versions
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. Th
6.2MEDIUM
 CVE-2026-0014
all versions
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation.
6.2MEDIUM
 CVE-2026-0013
all versions
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy.
8.4HIGH
 CVE-2026-0012
all versions
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code.
6.2MEDIUM
 CVE-2026-0011
all versions
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error i
8.4HIGH
 CVE-2026-0010
all versions
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to
8.4HIGH
 CVE-2026-0008
all versions
In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of
8.4HIGH
 CVE-2026-0007
all versions
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overla
8.6HIGH
 CVE-2026-0006
all versions
In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote c
9.8CRITICAL
 CVE-2026-0005
all versions
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited inter
6.2MEDIUM
 CVE-2025-48654
all versions
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could
7.8HIGH
 CVE-2025-48653
all versions
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. T
7.8HIGH
 CVE-2025-48650
all versions
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of pri
8.4HIGH
 CVE-2025-48646
all versions
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local
7.8HIGH
 CVE-2025-48645
all versions
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could le
7.8HIGH
 CVE-2025-48644
all versions
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local
5.5MEDIUM
 CVE-2025-48642
all versions
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to
5.5MEDIUM
 CVE-2025-48641
all versions
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of
7.0HIGH
 CVE-2025-48636
all versions
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal
8.4HIGH
 CVE-2025-48635
all versions
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the
7.7HIGH
 CVE-2025-48634
all versions
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could l
7.3HIGH
 CVE-2025-48630
all versions
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information dis
7.4HIGH
 CVE-2025-48619
all versions
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a
8.4HIGH
 CVE-2025-48613
all versions
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed
7.8HIGH
 CVE-2025-48609
all versions
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MM
9.1CRITICAL
 CVE-2025-48605
all versions
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This c
8.4HIGH
 CVE-2025-48602
all versions
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a
8.4HIGH
 CVE-2025-48587
all versions
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation.
6.2MEDIUM
 CVE-2025-48585
all versions
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation.
6.2MEDIUM
 CVE-2025-48582
all versions
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent red
8.4HIGH
 CVE-2025-48579
all versions
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy
8.4HIGH
 CVE-2025-48578
all versions
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a miss
7.8HIGH
 CVE-2025-48577
all versions
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead
7.4HIGH
 CVE-2025-48574
all versions
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a mis
8.4HIGH
 CVE-2025-48568
all versions
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privi
7.4HIGH
 CVE-2025-48567
all versions
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to
7.8HIGH
 CVE-2025-32313
all versions
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to l
8.4HIGH
 CVE-2024-43766
all versions
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could l
6.5MEDIUM
 CVE-2024-31328
all versions
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the backgr
8.8HIGH
 CVE-2026-20445
all versions
In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor
4.4MEDIUM
 CVE-2026-20444
all versions
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege
6.7MEDIUM
 CVE-2026-20443
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2026-20442
all versions
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious acto
4.4MEDIUM
 CVE-2026-20441
all versions
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if
6.7MEDIUM
 CVE-2026-20440
all versions
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if
6.7MEDIUM
 CVE-2026-20439
all versions
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor
4.4MEDIUM
 CVE-2026-20438
all versions
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a mal
6.4MEDIUM
 CVE-2026-20437
all versions
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor ha
4.4MEDIUM
 CVE-2026-20435
all versions
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information dis
4.6MEDIUM
 CVE-2026-20429
all versions
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure
4.4MEDIUM
 CVE-2026-20428
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2026-20427
all versions
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of priv
6.7MEDIUM
 CVE-2026-20426
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2026-20425
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2026-20424
all versions
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure
4.4MEDIUM
 CVE-2026-20416
all versions
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege i
7.2HIGH
 CVE-2026-0106
all versions
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escal
9.3CRITICAL
 CVE-2026-20983
all versions
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to laun
7.8HIGH
 CVE-2026-20982
all versions
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system priv
6.0MEDIUM
 CVE-2026-20981
all versions
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrar
6.6MEDIUM
 CVE-2026-20980
all versions
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands.
6.8MEDIUM
 CVE-2026-20979
all versions
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with
7.8HIGH
 CVE-2026-20978
all versions
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence config
6.1MEDIUM
 CVE-2026-20977
all versions
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
5.5MEDIUM
 CVE-2026-20417
all versions
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege i
5.3MEDIUM
 CVE-2026-20415
all versions
In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a maliciou
5.5MEDIUM
 CVE-2026-20414
all versions
In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if
6.7MEDIUM
 CVE-2026-20413
all versions
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege
6.7MEDIUM
 CVE-2026-20412
all versions
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privil
7.8HIGH
 CVE-2026-20411
all versions
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a m
7.8HIGH
 CVE-2026-20410
all versions
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege
6.7MEDIUM
 CVE-2026-20409
all versions
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege
7.8HIGH
 CVE-2025-48647
all versions
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input va
7.8HIGH
 CVE-2025-36911
all versions
In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) infor
7.1HIGH
 CVE-2026-20974
all versions
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to byp
4.6MEDIUM
 CVE-2026-20973
all versions
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory
5.3MEDIUM
 CVE-2026-20972
all versions
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
3.3LOW
 CVE-2026-20971
all versions
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
7.8HIGH
 CVE-2026-20970
all versions
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
7.8HIGH
 CVE-2026-20969
all versions
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privileg
5.5MEDIUM
 CVE-2026-20968
all versions
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
6.7MEDIUM
 CVE-2025-20807
all versions
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a
6.7MEDIUM
 CVE-2025-20806
all versions
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicio
6.7MEDIUM
 CVE-2025-20805
all versions
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicio
6.7MEDIUM
 CVE-2025-20804
all versions
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicio
6.7MEDIUM
 CVE-2025-20803
all versions
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a ma
6.7MEDIUM
 CVE-2025-20802
all versions
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a m
6.7MEDIUM
 CVE-2025-20801
all versions
In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a ma
7.0HIGH
 CVE-2025-20800
all versions
In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
7.8HIGH
 CVE-2025-20799
all versions
In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malici
7.8HIGH
 CVE-2025-20798
all versions
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
7.8HIGH
 CVE-2025-20797
all versions
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
7.8HIGH
 CVE-2025-20796
all versions
In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privil
7.8HIGH
 CVE-2025-20795
all versions
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privi
7.8HIGH
 CVE-2025-20787
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2025-20786
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2025-20785
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2025-20784
all versions
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a
6.7MEDIUM
 CVE-2025-20783
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2025-20782
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2025-20781
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
7.8HIGH
 CVE-2025-20780
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
7.8HIGH
 CVE-2025-20779
all versions
In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a mali
7.0HIGH
 CVE-2025-20778
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
7.8HIGH
 CVE-2025-36938
all versions
In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical
6.8MEDIUM
 CVE-2025-36937
all versions
In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds chec
9.8CRITICAL
 CVE-2025-36936
all versions
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could le
7.8HIGH
 CVE-2025-36935
all versions
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead
7.8HIGH
 CVE-2025-36934
all versions
In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. T
7.4HIGH
 CVE-2025-36932
all versions
In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper inpu
7.8HIGH
 CVE-2025-36931
all versions
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local
7.8HIGH
 CVE-2025-36930
all versions
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local
7.8HIGH
 CVE-2025-36929
all versions
In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could
5.5MEDIUM
 CVE-2025-36928
all versions
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to lo
7.8HIGH
 CVE-2025-36927
all versions
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could
7.8HIGH
 CVE-2025-36925
all versions
In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lea
7.8HIGH
 CVE-2025-36924
all versions
In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds ch
8.0HIGH
 CVE-2025-36923
all versions
In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer ov
8.0HIGH
 CVE-2025-36922
all versions
In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalat
6.7MEDIUM
 CVE-2025-36921
all versions
In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This
5.5MEDIUM
 CVE-2025-36919
all versions
In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of
7.8HIGH
 CVE-2025-36918
all versions
In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could
7.8HIGH
 CVE-2025-36917
all versions
In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lea
6.5MEDIUM
 CVE-2025-36916
all versions
In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local
7.0HIGH
 CVE-2025-36912
all versions
In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of ser
6.5MEDIUM
 CVE-2025-36889
all versions
In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local
5.5MEDIUM
 CVE-2025-48625
all versions
In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due
7.0HIGH
 CVE-2025-48608
all versions
In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This cou
5.5MEDIUM
 CVE-2025-48606
all versions
In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a me
7.8HIGH
 CVE-2025-48569
all versions
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial
5.5MEDIUM
 CVE-2025-48639
all versions
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay a
7.3HIGH
 CVE-2025-48638
all versions
In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to lo
7.8HIGH
 CVE-2025-48637
all versions
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to loc
7.8HIGH
 CVE-2025-48633
all versions
In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due t
5.5MEDIUM
 CVE-2025-48632
all versions
In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disa
7.8HIGH
 CVE-2025-48631
all versions
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This c
6.5MEDIUM
 CVE-2025-48629
all versions
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app
7.8HIGH
 CVE-2025-48628
all versions
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This
7.8HIGH
 CVE-2025-48627
all versions
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background
7.8HIGH
 CVE-2025-48626
all versions
In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. T
9.8CRITICAL
 CVE-2025-48624
all versions
In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead
7.8HIGH
 CVE-2025-48623
all versions
In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to loca
7.8HIGH
 CVE-2025-48622
all versions
In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local
5.5MEDIUM
 CVE-2025-48621
all versions
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead
7.3HIGH
 CVE-2025-48620
all versions
In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component
7.8HIGH
 CVE-2025-48618
all versions
In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper
6.8MEDIUM
 CVE-2025-48615
all versions
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This
7.8HIGH
 CVE-2025-48614
all versions
In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missi
4.6MEDIUM
 CVE-2025-48612
all versions
In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC pay
7.8HIGH
 CVE-2025-48610
all versions
In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code.
5.5MEDIUM
 CVE-2025-48607
all versions
In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could le
5.5MEDIUM
 CVE-2025-48604
all versions
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead
5.5MEDIUM
 CVE-2025-48603
all versions
In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could
5.5MEDIUM
 CVE-2025-48601
all versions
In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local
5.5MEDIUM
 CVE-2025-48600
all versions
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead t
5.5MEDIUM
 CVE-2025-48599
all versions
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing
7.8HIGH
 CVE-2025-48598
all versions
In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This cou
6.6MEDIUM
 CVE-2025-48597
all versions
In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. Thi
7.8HIGH
 CVE-2025-48596
all versions
In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escala
7.8HIGH
 CVE-2025-48594
all versions
In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disas
7.3HIGH
 CVE-2025-48592
all versions
In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to rem
7.5HIGH
 CVE-2025-48591
all versions
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead
5.5MEDIUM
 CVE-2025-48590
all versions
In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services
5.5MEDIUM
 CVE-2025-48589
all versions
In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic
7.8HIGH
 CVE-2025-48588
all versions
In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lea
7.8HIGH
 CVE-2025-48586
all versions
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused
7.8HIGH
 CVE-2025-48584
all versions
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing
5.5MEDIUM
 CVE-2025-48583
all versions
In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This
7.8HIGH
 CVE-2025-48580
all versions
In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background
7.8HIGH
 CVE-2025-48576
all versions
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial o
5.5MEDIUM
 CVE-2025-48575
all versions
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This cou
7.8HIGH
 CVE-2025-48573
all versions
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the backgr
7.8HIGH
 CVE-2025-48572
all versions
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could le
7.8HIGH
 CVE-2025-48566
all versions
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validatio
7.8HIGH
 CVE-2025-48565
all versions
In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This co
7.8HIGH
 CVE-2025-48564
all versions
In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of pr
7.0HIGH
 CVE-2025-48555
all versions
In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused depu
7.8HIGH
 CVE-2025-48536
all versions
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secur
7.8HIGH
 CVE-2025-48525
all versions
In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not ass
7.8HIGH
 CVE-2025-32329
all versions
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a
7.8HIGH
 CVE-2025-32328
all versions
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a
7.8HIGH
 CVE-2025-32319
all versions
In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a pe
6.7MEDIUM
 CVE-2025-22432
all versions
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. Thi
6.7MEDIUM
 CVE-2025-22420
all versions
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead
7.8HIGH
 CVE-2025-20789
all versions
In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclo
4.4MEDIUM
 CVE-2025-20788
all versions
In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service w
4.4MEDIUM
 CVE-2025-20777
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2025-20776
all versions
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege
6.7MEDIUM
 CVE-2025-20775
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2025-20774
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2025-20773
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2025-20772
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2025-20771
all versions
In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of p
6.7MEDIUM
 CVE-2025-20770
all versions
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mal
6.7MEDIUM
 CVE-2025-20769
all versions
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2025-20768
all versions
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege
7.8HIGH
 CVE-2025-20767
all versions
In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege i
7.8HIGH
 CVE-2025-20766
all versions
In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privile
7.8HIGH
 CVE-2025-20765
all versions
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious
4.7MEDIUM
 CVE-2025-20764
all versions
In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if
7.8HIGH
 CVE-2025-20763
all versions
In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege
7.8HIGH
 CVE-2025-58480
all versions
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-boun
4.3MEDIUM
 CVE-2025-58479
all versions
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memor
4.3MEDIUM
 CVE-2025-58478
all versions
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memo
4.3MEDIUM
 CVE-2025-58477
all versions
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access
4.3MEDIUM
 CVE-2025-58476
all versions
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds m
4.2MEDIUM
 CVE-2025-58475
all versions
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bound
5.6MEDIUM
 CVE-2025-21080
all versions
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to
6.2MEDIUM
 CVE-2025-21072
all versions
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers
5.7MEDIUM
 CVE-2025-61619
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61618
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61617
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61610
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61609
all versions
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no a
7.5HIGH
 CVE-2025-61608
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-61607
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-3012
all versions
In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-11133
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-11132
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-11131
all versions
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with n
7.5HIGH
 CVE-2025-48593
all versions
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could l
8.0HIGH
 CVE-2025-21075
all versions
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memo
4.3MEDIUM
 CVE-2025-21074
all versions
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memor
4.3MEDIUM
 CVE-2025-21073
all versions
Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to acce
6.8MEDIUM
 CVE-2025-21071
all versions
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers t
5.7MEDIUM
 CVE-2025-20749
all versions
In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privileg
6.7MEDIUM
 CVE-2025-20747
all versions
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of
6.7MEDIUM
 CVE-2025-20746
all versions
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of
6.7MEDIUM
 CVE-2025-20745
all versions
In apusys, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a mali
4.2MEDIUM
 CVE-2025-20744
all versions
In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a m
4.2MEDIUM
 CVE-2025-20743
all versions
In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if
4.2MEDIUM
 CVE-2025-20730
all versions
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of
6.7MEDIUM
 CVE-2025-20723
all versions
In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of p
7.8HIGH
 CVE-2025-20722
all versions
In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure
5.5MEDIUM
 CVE-2025-20721
all versions
In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privil
7.8HIGH
 CVE-2025-21055
all versions
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bo
4.3MEDIUM
 CVE-2025-21054
all versions
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to
4.0MEDIUM
 CVE-2025-21053
all versions
Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers t
4.0MEDIUM
 CVE-2025-21052
all versions
Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1
4.0MEDIUM
 CVE-2025-21051
all versions
Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to
4.0MEDIUM
 CVE-2025-21050
all versions
Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user
7.1HIGH
 CVE-2025-21049
all versions
Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. Use
5.5MEDIUM
 CVE-2025-21048
all versions
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
6.7MEDIUM
 CVE-2025-21047
all versions
Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.
5.2MEDIUM
 CVE-2025-21046
all versions
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily a
2.4LOW
 CVE-2025-21044
all versions
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-boun
5.7MEDIUM
 CVE-2025-21043
all versions
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
8.8HIGH
 CVE-2025-21042
all versions
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
8.8HIGH
 CVE-2025-32320
all versions
In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of
7.8HIGH
 CVE-2025-32318
all versions
In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege
8.8HIGH
 CVE-2025-32317
all versions
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosur
5.5MEDIUM
 CVE-2025-32316
all versions
In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosur
5.5MEDIUM
 CVE-2025-26461
all versions
In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attemp
3.3LOW
 CVE-2025-26434
all versions
In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with
5.5MEDIUM
 CVE-2024-0028
all versions
In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. T
5.5MEDIUM
 CVE-2025-32322
all versions
In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthor
7.8HIGH
 CVE-2025-26439
all versions
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled
7.8HIGH
 CVE-2025-26431
all versions
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due
7.8HIGH
 CVE-2025-26419
all versions
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lea
3.3LOW
 CVE-2025-22415
all versions
In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation
4.0MEDIUM
 CVE-2025-22414
all versions
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check.
7.8HIGH
 CVE-2024-49731
all versions
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watc
4.0MEDIUM
 CVE-2024-40664
all versions
In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due
6.2MEDIUM
 CVE-2025-48581
all versions
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. Thi
8.4HIGH
 CVE-2025-48563
all versions
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This
7.8HIGH
 CVE-2025-48562
all versions
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to l
5.0MEDIUM
 CVE-2025-48561
all versions
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure.
5.5MEDIUM
 CVE-2025-48560
all versions
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to l
5.5MEDIUM
 CVE-2025-48559
all versions
In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. T
5.5MEDIUM
 CVE-2025-48558
all versions
In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Imp
7.8HIGH
 CVE-2025-48556
all versions
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input vali
7.3HIGH
 CVE-2025-48554
all versions
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error
6.1MEDIUM
 CVE-2025-48553
all versions
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the
7.8HIGH
 CVE-2025-48552
all versions
In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic err
7.8HIGH
 CVE-2025-48551
all versions
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. T
5.0MEDIUM
 CVE-2025-48550
all versions
In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal erro
5.5MEDIUM
 CVE-2025-48549
all versions
In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could
7.8HIGH
 CVE-2025-48548
all versions
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicat
7.3HIGH
 CVE-2025-48547
all versions
In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local e
7.3HIGH
 CVE-2025-48546
all versions
In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code.
7.8HIGH
 CVE-2025-48545
all versions
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deput
7.1HIGH
 CVE-2025-48544
all versions
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to loca
7.8HIGH
 CVE-2025-48543
all versions
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. T
8.8HIGH
 CVE-2025-48542
all versions
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. T
5.5MEDIUM
 CVE-2025-48541
all versions
In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input va
7.8HIGH
 CVE-2025-48540
all versions
In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This c
7.8HIGH
 CVE-2025-48539
all versions
In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (
8.0HIGH
 CVE-2025-48538
all versions
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due
5.5MEDIUM
 CVE-2025-48537
all versions
In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to
7.1HIGH
 CVE-2025-48535
all versions
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resultin
7.8HIGH
 CVE-2025-48534
all versions
In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the
8.8HIGH
 CVE-2025-48533
all versions
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition.
7.0HIGH
 CVE-2025-48532
all versions
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a con
7.3HIGH
 CVE-2025-48531
all versions
In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could
7.8HIGH
 CVE-2025-48530
all versions
In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lea
8.1HIGH
 CVE-2025-48529
all versions
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. T
5.5MEDIUM
 CVE-2025-48528
all versions
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local
4.0MEDIUM
 CVE-2025-48527
all versions
In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This co
6.2MEDIUM
 CVE-2025-48526
all versions
In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in an
4.0MEDIUM
 CVE-2025-48524
all versions
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead
5.5MEDIUM
 CVE-2025-48523
all versions
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the
7.8HIGH
 CVE-2025-48522
all versions
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in
7.8HIGH
 CVE-2025-32350
all versions
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjack
7.8HIGH
 CVE-2025-32349
all versions
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escal
7.8HIGH
 CVE-2025-32347
all versions
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe Pendin
7.8HIGH
 CVE-2025-32346
all versions
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused depu
7.8HIGH
 CVE-2025-32345
all versions
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the pr
7.8HIGH
 CVE-2025-32333
all versions
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. Th
7.8HIGH
 CVE-2025-32332
all versions
In multiple locations, there is a possible memory corruption due to a use after free. This could lead to local escalation of privi
7.8HIGH
 CVE-2025-32331
all versions
In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code
7.8HIGH
 CVE-2025-32330
all versions
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to
5.7MEDIUM
 CVE-2025-32327
all versions
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead t
7.8HIGH
 CVE-2025-32326
all versions
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused
7.8HIGH
 CVE-2025-32325
all versions
In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escal
7.8HIGH
 CVE-2025-32324
all versions
In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This cou
7.8HIGH
 CVE-2025-32323
all versions
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a perm
7.8HIGH
 CVE-2025-32321
all versions
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused depu
7.8HIGH
 CVE-2025-26464
all versions
In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the
7.8HIGH
 CVE-2025-26454
all versions
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to
7.8HIGH
 CVE-2025-22441
all versions
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in
7.3HIGH
 CVE-2025-0089
all versions
In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to loc
7.8HIGH
 CVE-2025-0076
all versions
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This cou
3.3LOW
 CVE-2024-49714
all versions
In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paire
7.8HIGH
 CVE-2025-32312
all versions
In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be
7.8HIGH
 CVE-2025-26463
all versions
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead
5.5MEDIUM
 CVE-2025-26462
all versions
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This coul
7.8HIGH
 CVE-2025-26458
all versions
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the
7.8HIGH
 CVE-2025-26456
all versions
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code.
5.5MEDIUM
 CVE-2025-26455
all versions
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead
7.8HIGH
 CVE-2025-26453
all versions
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the
5.5MEDIUM
 CVE-2025-26452
all versions
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused d
7.8HIGH
 CVE-2025-26450
all versions
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events t
7.8HIGH
 CVE-2025-26449
all versions
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial
5.5MEDIUM
 CVE-2025-26448
all versions
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local i
5.5MEDIUM
 CVE-2025-26445
all versions
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This co
5.5MEDIUM
 CVE-2025-26444
all versions
In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to t
7.8HIGH
 CVE-2025-26443
all versions
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sourc
7.3HIGH
 CVE-2025-26442
all versions
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in
5.5MEDIUM
 CVE-2025-26441
all versions
In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote i
6.5MEDIUM
 CVE-2025-26440
all versions
In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions byp
7.8HIGH
 CVE-2025-26438
all versions
In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect imp
8.8HIGH
 CVE-2025-26437
all versions
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to
5.5MEDIUM
 CVE-2025-26436
all versions
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from t
7.8HIGH
 CVE-2025-26435
all versions
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the pr
7.8HIGH
 CVE-2025-26432
all versions
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to lo
5.5MEDIUM
 CVE-2025-26430
all versions
In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This
7.8HIGH
 CVE-2025-26429
all versions
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could l
5.5MEDIUM
 CVE-2025-26428
all versions
In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This cou
3.2LOW
 CVE-2025-26427
all versions
In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation
4.4MEDIUM
 CVE-2025-26426
all versions
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "and
5.1MEDIUM
 CVE-2025-26425
all versions
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code
4.0MEDIUM
 CVE-2025-26424
all versions
In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could le
4.0MEDIUM
 CVE-2025-26423
all versions
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing boun
6.2MEDIUM
 CVE-2025-26422
all versions
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing
4.0MEDIUM
 CVE-2025-26421
all versions
In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalatio
4.0MEDIUM
 CVE-2025-26420
all versions
In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect per
4.4MEDIUM
 CVE-2025-22425
all versions
In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to loca
5.1MEDIUM
 CVE-2025-0087
all versions
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission c
5.1MEDIUM
 CVE-2025-0077
all versions
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to l
4.0MEDIUM
 CVE-2024-49739
all versions
In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local esc
4.0MEDIUM
 CVE-2023-35657
all versions
In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local inf
4.0MEDIUM
 CVE-2025-36909
all versions
Information disclosure
5.3MEDIUM
 CVE-2025-36908
all versions
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could
6.7MEDIUM
 CVE-2025-36907
all versions
In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. Thi
7.3HIGH
 CVE-2025-36906
all versions
In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. Th
7.8HIGH
 CVE-2025-36905
all versions
In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead
7.8HIGH
 CVE-2025-36904
all versions
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
9.8CRITICAL
 CVE-2025-36903
all versions
In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation
7.8HIGH
 CVE-2025-36902
all versions
In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This c
6.7MEDIUM
 CVE-2025-36901
all versions
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.
8.8HIGH
 CVE-2025-36900
all versions
In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local
6.7MEDIUM
 CVE-2025-36899
all versions
There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical esc
8.4HIGH
 CVE-2025-36898
all versions
There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege wit
7.8HIGH
 CVE-2025-36897
all versions
In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to
9.8CRITICAL
 CVE-2025-36896
all versions
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.
9.8CRITICAL
 CVE-2025-36895
all versions
Information disclosure
7.5HIGH
 CVE-2025-36894
all versions
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional
7.5HIGH
 CVE-2025-36893
all versions
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to lo
5.5MEDIUM
 CVE-2025-36892
all versions
Denial of service
7.5HIGH
 CVE-2025-36891
all versions
Elevation of privilege
8.8HIGH
 CVE-2025-36890
all versions
Elevation of Privilege
9.8CRITICAL
 CVE-2025-36887
all versions
In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds c
7.8HIGH
 CVE-2024-56190
all versions
In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could
7.8HIGH
 CVE-2024-56189
all versions
In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This cou
6.5MEDIUM
 CVE-2025-21041
< 16.0
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive informat
6.2MEDIUM
 CVE-2025-21034
all versions
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
4.0MEDIUM
 CVE-2025-21033
all versions
Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
4.0MEDIUM
 CVE-2025-21032
all versions
Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limite
5.9MEDIUM
 CVE-2025-21031
all versions
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
6.8MEDIUM
 CVE-2025-21029
all versions
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary
4.0MEDIUM
 CVE-2025-21028
all versions
Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial ite
5.5MEDIUM
 CVE-2025-21027
all versions
Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temp
5.1MEDIUM
 CVE-2025-21026
all versions
Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the
4.0MEDIUM
 CVE-2025-21025
all versions
Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from backgro
5.1MEDIUM
 CVE-2023-21480
all versions
Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged ac
8.5HIGH
 CVE-2023-21479
all versions
Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote
5.3MEDIUM
 CVE-2023-21478
all versions
Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protec
6.0MEDIUM
 CVE-2023-21477
all versions
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attack
7.9HIGH
 CVE-2023-21476
all versions
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execut
8.0HIGH
 CVE-2023-21475
all versions
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execut
8.0HIGH
 CVE-2023-21474
all versions
Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with sys
6.3MEDIUM
 CVE-2023-21473
all versions
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute
6.8MEDIUM
 CVE-2023-21472
all versions
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute
6.8MEDIUM
 CVE-2023-21471
all versions
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files wit
4.0MEDIUM
 CVE-2023-21470
all versions
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location i
4.0MEDIUM
 CVE-2023-21469
all versions
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location i
4.0MEDIUM
 CVE-2023-21468
all versions
Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated
5.9MEDIUM
 CVE-2023-21466
all versions
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to
5.3MEDIUM
 CVE-2025-26416
all versions
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could
9.8CRITICAL
 CVE-2025-22442
all versions
In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newl
7.0HIGH
 CVE-2025-22439
all versions
In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a m
7.3HIGH
 CVE-2025-22438
all versions
In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalatio
7.8HIGH
 CVE-2025-22437
all versions
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic
7.8HIGH
 CVE-2025-22435
all versions
In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device esca
9.8CRITICAL
 CVE-2025-22434
all versions
In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This
7.8HIGH
 CVE-2025-22433
all versions
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in
7.8HIGH
 CVE-2025-22431
all versions
In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumst
5.5MEDIUM
 CVE-2025-22430
all versions
In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission che
5.5MEDIUM
 CVE-2025-22429
all versions
In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to loca
9.8CRITICAL
 CVE-2025-22428
all versions
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the seconda
7.8HIGH
 CVE-2025-22427
all versions
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock sc
7.3HIGH
 CVE-2025-22423
all versions
In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to
7.5HIGH
 CVE-2025-22422
all versions
In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its resu
7.8HIGH
 CVE-2025-22421
all versions
In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lock
5.5MEDIUM
 CVE-2025-22419
all versions
In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjack
7.3HIGH
 CVE-2025-22418
all versions
In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privileg
7.8HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin