Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown
CRITICAL 883 | HIGH 5184 | MEDIUM 3317 | LOW 260 | UNKNOWN 2
Vulnerabilities
Page 221 of 483
CVE-2021-0984 | HIGH | CVSS 7.8 | CWE-404 | v12.0, vAndroid-12 | 2021-12-15
In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-192475653
nvd
CVE-2021-1003 | HIGH | CVSS 7.8 | CWE-610 | v12.0, vAndroid-12 | 2021-12-15
In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-189857506
nvd
CVE-2021-0928 | HIGH | CVSS 7.8 | CWE-20 | v9.0, v10.0, +2 more | 2021-12-15
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-10 Android-11 Android-9Andro
nvd, android
CVE-2021-1029 | HIGH | CVSS 7.8 | CWE-416 | v12.0, vAndroid-12 | 2021-12-15
In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-193034677
nvd
CVE-2021-0965 | HIGH | CVSS 8.8 | CWE-862 | v9.0, v10.0, +3 more | 2021-12-15
In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-10 Android-11 Android-12 Android
nvd, android
CVE-2021-1017 | HIGH | CVSS 7.8 | CWE-862 | v12.0, vAndroid-12 | 2021-12-15
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-1825
nvd
CVE-2021-0981 | HIGH | CVSS 7.8 | v10.0, v11.0, +1 more | 2021-12-15
In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-1
nvd, android
CVE-2021-1016 | HIGH | CVSS 7.3 | CWE-1021 | v12.0, vAndroid-12 | 2021-12-15
In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-183610267
nvd
CVE-2021-0953 | HIGH | CVSS 7.8 | CWE-281 | v9.0, v10.0, +3 more | 2021-12-15
In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-10 Android-
nvd, android
CVE-2021-0921 | HIGH | CVSS 7.8 | CWE-20 | v11.0, vAndroid-11 | 2021-12-15
In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-11 | Android ID: A-195962697
nvd, android
CVE-2021-1039 | HIGH | CVSS 7.8 | CWE-1021 | v9.0, v10.0, +3 more | 2021-12-15
In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android | Versions: Android-10 Android-11 Android-12 Android-9 | Android ID: A-182808318
nvd
CVE-2021-0927 | HIGH | CVSS 7.8 | CWE-281 | v8.1, v9.0, +4 more | 2021-12-15
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-10 Android-11 Android-12 Android-8.1 Android-9A
nvd, android
CVE-2021-1027 | HIGH | CVSS 7.8 | CWE-704 | v12.0, vAndroid-12 | 2021-12-15
In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-193033243
nvd
CVE-2021-0968 | HIGH | CVSS 8.8 | CWE-190 | v9.0, v10.0, +3 more | 2021-12-15
In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-10 Android-11 Android-12 Android-9 | Android ID: A-197868577
nvd, android
CVE-2021-0918 | HIGH | CVSS 8.8 | CWE-787 | v12.0, vAndroid-12 | 2021-12-15
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-197536150
nvd, android
CVE-2021-0932 | HIGH | CVSS 7.8 | v10.0, vAndroid-10 | 2021-12-15
In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performed as the System UI with User execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-10 | Android ID: A-173025705
nvd, android
CVE-2021-1002 | HIGH | CVSS 7.5 | CWE-125 | v12.0, vAndroid-12 | 2021-12-15
In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-194533433
nvd
CVE-2021-1004 | HIGH | CVSS 7.8 | CWE-862 | v12.0, vAndroid-12 | 2021-12-15
In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android | Versions: Androi
nvd
CVE-2021-0434 | HIGH | CVSS 7.3 | v9.0, v10.0, +2 more | 2021-12-15
In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitati
nvd, android
CVE-2021-1021 | HIGH | CVSS 7.3 | CWE-20 | v12.0, vAndroid-12 | 2021-12-15
In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Product: Android | Versions: Android-12 | Android ID: A-195031703
nvd