Platform Frameworks Native vulnerabilities
50 known vulnerabilities affecting platform/frameworks_native.
Total CVEs
50
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
UNKNOWN50
Vulnerabilities
Page 1 of 3
CVE-2025-48630UNKNOWN≥ 16-qpr2-next:0, < 16-qpr2-next:2026-03-01≥ 15:0, < 15:2026-03-01+3 more2026-03-01
CVE-2025-48630 CVE-2025-48630: In drawLayersInternal of SkiaRenderEngine
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-32313UNKNOWN≥ 16-qpr2-next:0, < 16-qpr2-next:2026-03-01≥ 15:0, < 15:2026-03-01+1 more2026-03-01
CVE-2025-32313 CVE-2025-32313: In UsageEvents of UsageEvents
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2026-0007UNKNOWN≥ 16-qpr2-next:0, < 16-qpr2-next:2026-03-01≥ 15:0, < 15:2026-03-01+2 more2026-03-01
CVE-2026-0007 CVE-2026-0007: In writeToParcel of WindowInfo
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-48621UNKNOWN≥ 16-qpr2-next:0, < 16-qpr2-next:2025-12-01≥ 15:0, < 15:2025-12-01+3 more2025-12-01
CVE-2025-48621 CVE-2025-48621: In DefaultTransitionHandler
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2025-48596UNKNOWN≥ 16-qpr2-next:0, < 16-qpr2-next:2025-12-01≥ 15:0, < 15:2025-12-01+3 more2025-12-01
CVE-2025-48596 CVE-2025-48596: In appendFrom of Parcel
In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-48639UNKNOWN≥ 16-qpr2-next:0, < 16-qpr2-next:2025-12-01≥ 15:0, < 15:2025-12-01+3 more2025-12-01
CVE-2025-48639 CVE-2025-48639: In DefaultTransitionHandler
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2025-48540UNKNOWN≥ 16-next:0, < 16-next:2025-09-01≥ 15:0, < 15:2025-09-01+3 more2025-09-01
CVE-2025-48540 CVE-2025-48540: In processTransactInternal of RpcState
In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-32325UNKNOWN≥ 16-next:0, < 16-next:2025-09-01≥ 15:0, < 15:2025-09-01+3 more2025-09-01
CVE-2025-32325 CVE-2025-32325: In appendFrom of Parcel
In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-22438UNKNOWN≥ 15-next:0, < 15-next:2025-04-01≥ 13:0, < 13:2025-04-01+1 more2025-04-01
CVE-2025-22438 CVE-2025-22438: In afterKeyEventLockedInterruptable of InputDispatcher
In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2025-0078UNKNOWN≥ 15-next:0, < 15-next:2025-03-01≥ 12:0, < 12:2025-03-01+4 more2025-03-01
CVE-2025-0078 CVE-2025-0078: In main of main
In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-49746UNKNOWN≥ 15-next:0, < 15-next:2025-02-01≥ 12:0, < 12:2025-02-01+4 more2025-02-01
CVE-2024-49746 CVE-2024-49746: In multiple functions of Parcel
In multiple functions of Parcel.cpp, there is a possible way to manipulate file descriptors and escalate privileges due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-49745UNKNOWN≥ 15-next:0, < 15-next:2025-01-01≥ 12:0, < 12:2025-01-01+4 more2025-01-01
CVE-2024-49745 CVE-2024-49745: In growData of Parcel
In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-49738UNKNOWN≥ 15-next:0, < 15-next:2025-01-01≥ 12:0, < 12:2025-01-01+4 more2025-01-01
CVE-2024-49738 CVE-2024-49738: In writeInplace of Parcel
In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-40660UNKNOWN≥ 15-next:0, < 15-next:2024-11-01≥ 15:0, < 15:2024-11-01+1 more2024-11-01
CVE-2024-40660 CVE-2024-40660: In setTransactionState of SurfaceFlinger
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-34743UNKNOWN≥ 14-next:0, < 14-next:2024-08-01≥ 14:0, < 14:2024-08-012024-08-01
CVE-2024-34743 CVE-2024-34743: In setTransactionState of SurfaceFlinger
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2024-0033UNKNOWN≥ 14-next:0, < 14-next:2024-02-01≥ 13:0, < 13:2024-02-01+1 more2024-02-01
CVE-2024-0033 CVE-2024-0033: In multiple functions of ashmem-dev
In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40096UNKNOWN≥ 14-next:0, < 14-next:2023-12-01≥ 12:0, < 12:2023-12-01+2 more2023-12-01
CVE-2023-40096 CVE-2023-40096: In OpRecordAudioMonitor::onFirstRef of AudioRecordClient
In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-40131UNKNOWN≥ 14-next:0, < 14-next:2023-10-01≥ 12:0, < 12:2023-10-01+2 more2023-10-01
CVE-2023-40131 CVE-2023-40131: In GpuService of GpuService
In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-21031UNKNOWN≥ 13-next:0, < 13-next:2023-06-01≥ 13:0, < 13:2023-06-012023-06-01
CVE-2023-21031 CVE-2023-21031: In setPowerMode of HWC2
In setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-21171UNKNOWN≥ 13-next:0, < 13-next:2023-06-01≥ 13:0, < 13:2023-06-012023-06-01
CVE-2023-21171 CVE-2023-21171: In verifyInputEvent of InputDispatcher
In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
osv
1 / 3Next →