Platform System Security vulnerabilities

7 known vulnerabilities affecting platform/system_security.

Total CVEs

7

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

UNKNOWN7

Vulnerabilities

Page 1 of 1

CVE-2024-34731UNKNOWN≥ 14-next:0, < 14-next:2024-08-01≥ 14:0, < 14:2024-08-012024-08-01

CVE-2024-34731 CVE-2024-34731: In multiple functions of TranscodingResourcePolicy In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21176UNKNOWN≥ 13-next:0, < 13-next:2023-06-01≥ 13:0, < 13:2023-06-012023-06-01

CVE-2023-21176 CVE-2023-21176: In list_key_entries of utils In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21030UNKNOWN≥ 13:0, < 13:2023-03-012023-03-01

CVE-2023-21030 CVE-2023-21030: In Confirmation of keystore_cli_v2 In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20195UNKNOWN≥ 12L:0, < 12L:2022-06-012022-06-01

CVE-2022-20195 CVE-2022-20195: In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.

CVE-2021-39689UNKNOWN≥ 12:0, < 12:2022-03-01≥ 12L:0, < 12L:2022-03-012022-03-01

CVE-2021-39689 CVE-2021-39689: In multiple functions of odsign_main In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0958UNKNOWN≥ 12:0, < 12:2021-12-012021-12-01

CVE-2021-0958 CVE-2021-0958: In update of km_compat In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0320UNKNOWN≥ 10:0, < 10:2021-01-01≥ 11:0, < 11:2021-01-012021-01-01

CVE-2021-0320 CVE-2021-0320: In is_device_locked and set_device_locked of keystore_keymaster_enforcement In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.