Google Android vulnerabilities

CVE-2021-0629 [MEDIUM] CWE-416 CVE-2021-0629: In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625.

CVE-2021-0670 [MEDIUM] CWE-416 CVE-2021-0670: In apusys, there is a possible memory corruption due to a use after free. This could lead to local e In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.

CVE-2021-0624 [MEDIUM] CWE-125 CVE-2021-0624: In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could l In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.

CVE-2021-0664 [MEDIUM] CWE-416 CVE-2021-0664: In ccu, there is a possible memory corruption due to a use after free. This could lead to local esca In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158.

CVE-2021-0671 [MEDIUM] CWE-787 CVE-2021-0671: In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to l In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.

CVE-2021-0665 [MEDIUM] CWE-125 CVE-2021-0665: In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.

CVE-2021-0659 [MEDIUM] CWE-125 CVE-2021-0659: In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.

CVE-2021-0656 [MEDIUM] CWE-416 CVE-2021-0656: In edma driver, there is a possible memory corruption due to a use after free. This could lead to lo In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.

CVE-2021-0666 [MEDIUM] CWE-125 CVE-2021-0666: In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.

CVE-2021-0619 [MEDIUM] CWE-125 CVE-2021-0619: In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could l In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.

CVE-2021-0655 [MEDIUM] CWE-787 CVE-2021-0655: In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This coul In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424.

CVE-2021-0657 [MEDIUM] CWE-787 CVE-2021-0657: In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.

CVE-2021-0623 [MEDIUM] CWE-190 CVE-2021-0623: In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.

CVE-2021-0672 [MEDIUM] CWE-862 CVE-2021-0672: In Browser app, there is a possible information disclosure due to a missing permission check. This c In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035

CVE-2021-0622 [MEDIUM] CWE-125 CVE-2021-0622: In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could l In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.

CVE-2021-0669 [MEDIUM] CWE-416 CVE-2021-0669: In apusys, there is a possible memory corruption due to a use after free. This could lead to local e In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.

CVE-2021-0658 [MEDIUM] CWE-787 CVE-2021-0658: In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.

CVE-2021-0668 [MEDIUM] CWE-755 CVE-2021-0668: In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521.

CVE-2021-25502 [MEDIUM] CWE-269 CVE-2021-25502: A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-20 A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.

CVE-2021-25503 [MEDIUM] CWE-20 CVE-2021-25503: Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.