Google ≫ Android

A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset...

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed...

In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution pri...