Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown
CRITICAL: 883, HIGH: 5184, MEDIUM: 3317, LOW: 260, UNKNOWN: 2
Vulnerabilities
Page 220 of 483
CVE-2021-0901 | MEDIUM | CVSS 6.7 | CWE-190 | v10.0, v11.0, +1 more | 2021-12-17
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.
nvd
CVE-2021-0889 | CRITICAL | CVSS 9.8 | Exploited | v8.1, v9.0, +4 more | 2021-12-15
In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-8.1, Android-9. Android ID: A-180745296
nvd, android
CVE-2021-0956 | CRITICAL | CVSS 9.8 | Exploited | CWE-787 | v11.0, v12.0, +1 more | 2021-12-15
In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-18994
nvd, android
CVE-2021-0925 | HIGH | CVSS 7.5 | CWE-125 | v12.0, vAndroid-12 | 2021-12-15
In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure due to a limited change in behavior based on the out of bounds data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Andr
nvd, android
CVE-2021-0970 | HIGH | CVSS 7.8 | CWE-502 | v9.0, v10.0, +3 more | 2021-12-15
In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-196970023
nvd, android
CVE-2021-1028 | HIGH | CVSS 7.8 | CWE-416 | v12.0, vAndroid-12 | 2021-12-15
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-193034683
nvd
CVE-2021-0922 | HIGH | CVSS 7.8 | CWE-862 | v11.0, vAndroid-11 | 2021-12-15
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Andr
nvd, android
CVE-2021-0954 | HIGH | CVSS 7.3 | CWE-1021 | v10.0, v11.0, +1 more | 2021-12-15
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-143559931
nvd, android
CVE-2021-0930 | HIGH | CVSS 8.8 | CWE-787 | v9.0, v10.0, +3 more | 2021-12-15
In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-18
nvd, android
CVE-2021-0923 | HIGH | CVSS 7.8 | CWE-862 | v12.0, vAndroid-12 | 2021-12-15
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195338390
nvd, android
CVE-2021-1019 | HIGH | CVSS 7.3 | v12.0, vAndroid-12 | 2021-12-15
In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-195031401
nvd
CVE-2021-0769 | HIGH | CVSS 7.3 | v12.0, vAndroid-12 | 2021-12-15
In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-184676316
nvd
CVE-2021-0926 | HIGH | CVSS 7.8 | CWE-862 | v9.0, v10.0, +3 more | 2021-12-15
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9
nvd, android
CVE-2021-0967 | HIGH | CVSS 8.8 | CWE-787 | v9.0, v10.0, +3 more | 2021-12-15
In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-199065614
nvd, android
CVE-2021-0649 | HIGH | CVSS 7.8 | CWE-863 | v11.0, vAndroid-11 | 2021-12-15
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-191382886
nvd, android
CVE-2021-0963 | HIGH | CVSS 7.1 | CWE-1021 | v9.0, v10.0, +3 more | 2021-12-15
In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. An
nvd, android
CVE-2021-0933 | HIGH | CVSS 8.0 | CWE-20 | v9.0, v10.0, +3 more | 2021-12-15
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed.
nvd, android
CVE-2021-0985 | HIGH | CVSS 7.8 | CWE-862 | v12.0, vAndroid-12 | 2021-12-15
In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-190403923
nvd
CVE-2021-0999 | HIGH | CVSS 7.8 | CWE-862 | v12.0, vAndroid-12 | 2021-12-15
In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A
nvd
CVE-2021-0799 | HIGH | CVSS 7.8 | v12.0, vAndroid-12 | 2021-12-15
In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-197647956
nvd, android