Platform Packages Apps Nfc vulnerabilities

14 known vulnerabilities affecting platform/packages_apps_nfc.

Total CVEs: 14
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown
UNKNOWN: 14

Vulnerabilities

CVE-2021-39810 | UNKNOWN | ≥ 13:0, < 13:2025-09-01 | 2025-09-01
In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-35671 | UNKNOWN | ≥ 13-next:0, < 13-next:2023-09-01; ≥ 11:0, < 11:2023-09-01; +3 more | 2023-09-01
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-21183 | UNKNOWN | ≥ 13-next:0, < 13-next:2023-06-01; ≥ 13:0, < 13:2023-06-01 | 2023-06-01
In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-20945 | UNKNOWN | ≥ 10:0, < 10:2023-02-01 | 2023-02-01
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2023-20905 | UNKNOWN | ≥ 10:0, < 10:2023-01-01 | 2023-01-01
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2022-20199 | UNKNOWN | ≥ 13:0, < 13:2022-12-01 | 2022-12-01
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2022-20123 | UNKNOWN | ≥ 12L-next:0, < 12L-next:2022-06-01; ≥ 10:0, < 10:2022-06-01; +3 more | 2022-06-01
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2021-0996 | UNKNOWN | ≥ 12:0, < 12:2021-12-01 | 2021-12-01
In nfaHciCallback of HciEventManager.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2021-0956 | UNKNOWN | Exploited | ≥ 11:0, < 11:2021-12-01; ≥ 12:0, < 12:2021-12-01 | 2021-12-01
In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional System execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2021-0598 | UNKNOWN | ≥ 8.1:0, < 8.1:2021-09-01; ≥ 9:0, < 9:2021-09-01; +2 more | 2021-09-01
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2021-0594 | UNKNOWN | ≥ 8.1:0, < 8.1:2021-07-01; ≥ 9:0, < 9:2021-07-01; +2 more | 2021-07-01
In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for explo
osv
CVE-2021-0596 | UNKNOWN | ≥ 8.1:0, < 8.1:2021-07-01; ≥ 9:0, < 9:2021-07-01; +2 more | 2021-07-01
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.
osv
CVE-2021-0542 | UNKNOWN | ≥ 11:0, < 11:2021-06-01 | 2021-06-01
In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.
osv
CVE-2020-0453 | UNKNOWN | ≥ 8.0:0, < 8.0:2020-11-01; ≥ 8.1:0, < 8.1:2020-11-01; +1 more | 2020-11-01
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local non-security issue with User execution privileges needed. User interaction is not needed for exploitation.
osv