Google Android vulnerabilities

CVE-2023-21270 [HIGH] CWE-863 CVE-2023-21270: In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app t In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9364 [HIGH] CWE-203 CVE-2018-9364: In the LG LAF component, there is a special command that allowed modification of certain partitions. In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

CVE-2018-9365 [HIGH] CWE-125 CVE-2018-9365: In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code executio In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9424 [HIGH] CWE-787 CVE-2018-9424: In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missi In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9341 [HIGH] CWE-787 CVE-2018-9341: In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing boun In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9366 [HIGH] CWE-190 CVE-2018-9366: In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible o In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9466 [HIGH] CWE-787 CVE-2018-9466: In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9456 [HIGH] CWE-125 CVE-2018-9456: In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9417 [HIGH] CWE-416 CVE-2018-9417: In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locki In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9432 [HIGH] CWE-276 CVE-2018-9432: In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9419 [HIGH] CWE-125 CVE-2018-9419: In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bou In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9409 [HIGH] CWE-787 CVE-2018-9409: In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9370 [HIGH] CWE-787 CVE-2018-9370: In download.c there is a special mode allowing user to download data into memory and causing possibl In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9433 [HIGH] CWE-116 CVE-2018-9433: In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2018-9367 [HIGH] CWE-787 CVE-2018-9367: In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds w In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9372 [HIGH] CWE-787 CVE-2018-9372: In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missi In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9428 [HIGH] CWE-416 CVE-2018-9428: In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use a In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01

CVE-2018-9420 [MEDIUM] CWE-908 CVE-2018-9420: In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9371 [MEDIUM] CWE-125 CVE-2018-9371: In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for

CVE-2018-9348 [MEDIUM] CWE-190 CVE-2018-9348: In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. User interaction is needed for exploitation.