Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV: 48 actively exploited
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2
Vulnerabilities
CVE-2022-40508 HIGH CVSS 7.5 2023-05-01
CVE-2022-40508 [HIGH] CVE-2022-40508: Closed-source component
Android Security Bulletin 2023-05-01
CVE: CVE-2022-40508
Severity: HIGH
Component: Closed-source component
References: A-258057197 *
android
CVE-2022-40504 HIGH CVSS 7.5 2023-05-01
CVE-2022-40504 [HIGH] CVE-2022-40504: Closed-source component
Android Security Bulletin 2023-05-01
CVE: CVE-2022-40504
Severity: HIGH
Component: Closed-source component
References: A-258057235 *
android
CVE-2021-0877 HIGH CVSS 9.8 2023-05-01
CVE-2021-0877 [CRITICAL] CVE-2021-0877: PowerVR-GPU
Android Security Bulletin 2023-05-01
CVE: CVE-2021-0877
Severity: HIGH
Component: PowerVR-GPU
References: A-273754094 *
android
CVE-2022-25713 HIGH CVSS 7.8 2023-05-01
CVE-2022-25713 [HIGH] CVE-2022-25713: Closed-source component
Android Security Bulletin 2023-05-01
CVE: CVE-2022-25713
Severity: HIGH
Component: Closed-source component
References: A-258057293 *
android
CVE-2022-46395 HIGH CVSS 8.8 2023-05-01
CVE-2022-46395 [HIGH] CVE-2022-46395: Mali
Android Security Bulletin 2023-05-01
CVE: CVE-2022-46395
Severity: HIGH
Component: Mali
References: A-267357916 *
android
CVE-2023-21665 HIGH CVSS 8.4 2023-05-01
CVE-2023-21665 [HIGH] CVE-2023-21665: Display
Android Security Bulletin 2023-05-01
CVE: CVE-2023-21665
Severity: HIGH
Component: Display
References: A-271879598 QC-CR#3400722
android
CVE-2022-46396 HIGH CVSS 3.3 2023-05-01
CVE-2022-46396 [LOW] CVE-2022-46396: Mali
Android Security Bulletin 2023-05-01
CVE: CVE-2022-46396
Severity: HIGH
Component: Mali
References: A-259984805 *
android
CVE-2023-21102 HIGH CVSS 7.8 2023-05-01
CVE-2023-21102 [HIGH] CVE-2023-21102: EFI
Android Security Bulletin 2023-05-01
CVE: CVE-2023-21102
Severity: HIGH
Type: EoP
Component: EFI
References: A-260821414 Upstream kernel [2]
android
CVE-2021-39617 HIGH 2023-05-01
CVE-2021-39617 [HIGH]
Android Security Bulletin 2023-05-01
CVE: CVE-2021-39617
Severity: HIGH
Type: EoP
Affected AOSP versions: 11, 12, 12L
References: A-175190844
android
CVE-2023-26085 HIGH CVSS 7.8 2023-05-01
CVE-2023-26085 [HIGH] CVE-2023-26085: Arm NNAPI Driver
Android Security Bulletin 2023-05-01
CVE: CVE-2023-26085
Severity: HIGH
Component: Arm NNAPI Driver
References: A-261701167 *
android
CVE-2022-34144 HIGH CVSS 7.5 2023-05-01
CVE-2022-34144 [HIGH] CVE-2022-34144: Closed-source component
Android Security Bulletin 2023-05-01
CVE: CVE-2022-34144
Severity: HIGH
Component: Closed-source component
References: A-258057329 *
android
CVE-2022-20444 HIGH 2023-05-01
CVE-2022-20444 [HIGH]
Android Security Bulletin 2023-05-01
CVE: CVE-2022-20444
Severity: HIGH
Type: EoP
Affected AOSP versions: 11, 12
References: A-197296414 [2] [3] [4] [5]
android
CVE-2023-0266 MEDIUM CVSS 7.9 KEV 2023-05-01
CVE-2023-0266 [HIGH] CVE-2023-0266: Kernel
Android Security Bulletin 2023-05-01
CVE: CVE-2023-0266
Severity: MEDIUM
Type: EoP
Component: Kernel
References: A-265303544 Upstream kernel
android
CVE-2023-21096 CRITICAL CVSS 9.8 v12.0 v12.1 +2 more 2023-04-19
CVE-2023-21096 [CRITICAL] CWE-416
In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-12 Android-12L Android-13
Android ID: A-254774758
nvd android
CVE-2023-21088 HIGH CVSS 7.8 v12.0 v12.1 +2 more 2023-04-19
CVE-2023-21088 [HIGH]
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-12 Android-12L
nvd android
CVE-2023-21097 HIGH CVSS 7.8 v11.0 v12.0 +3 more 2023-04-19
CVE-2023-21097 [HIGH] CWE-610
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-11 Android-12 Android-12L Android-13
Android ID: A-261858325
nvd android
CVE-2023-21083 HIGH CVSS 7.8 v11.0 v12.0 +3 more 2023-04-19
CVE-2023-21083 [HIGH]
In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-11 Android-12 Android-12L Android
nvd android
CVE-2023-21094 HIGH CVSS 7.8 v11.0 v12.0 +3 more 2023-04-19
CVE-2023-21094 [HIGH] CWE-862
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-11 Android-12 Android-12
nvd android
CVE-2023-21085 HIGH CVSS 8.8 v11.0 v12.0 +3 more 2023-04-19
CVE-2023-21085 [HIGH] CWE-787
In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-11 Android-12 Android-12L Android-13
Android ID:
nvd android
CVE-2023-21099 HIGH CVSS 7.8 v11.0 v12.0 +3 more 2023-04-19
CVE-2023-21099 [HIGH]
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-11 Android-12 Android-
nvd android