Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
ASB-A-111893654
  • Android/Kernel
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
  • Kernel
2023-03-31T14:42:31Z Fix available
ASB-A-112551163
  • Android/Kernel
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.
  • Kernel
2023-03-31T14:42:31Z Fix available
ASB-A-119041698
  • Android/Framework
In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
  • 11
2023-03-31T14:42:31Z Fix available
ASB-A-123700107
  • Android/Framework
In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.
  • 9
  • 10
2023-03-31T14:42:31Z Fix available
ASB-A-129287265
  • Android/Framework
In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
  • 8.0
  • 8.1
  • 9
2023-03-31T14:42:31Z Fix available
ASB-A-129476618
  • Android/Framework
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.
  • 8.0
  • 8.1
  • 9
  • 10
2023-03-31T14:42:31Z Fix available
ASB-A-130373736
  • Android/Broadcom
In driver/firmware of broadcom wifi chipset, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
  • Kernel
2023-03-31T14:42:31Z Fix available
ASB-A-130374366
  • Android/Broadcom
In driver/firmware of broadcom wifi chipset, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
  • Kernel
2023-03-31T14:42:31Z Fix available
ASB-A-134155286
  • Android/Framework
In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
  • 10
  • 11
2023-03-31T14:42:31Z Fix available
ASB-A-135368228
  • Android/Kernel
In i915_gem_execbuffer2_ioctl of i915_gem_execbuffer.c, there is a possible arbitrary kernel memory write due to a missing validation of a userspace pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  • Kernel
2023-03-31T14:42:31Z Fix available
ASB-A-137284057
  • Android/Media Framework
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  • 9
2023-03-31T14:42:31Z Fix available
ASB-A-140108616
  • Android/System
In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  • 8.1
  • 9
  • 10
2023-03-31T14:42:31Z Fix available
ASB-A-140256621
  • Android/Framework
In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional execution privileges needed. User interaction is not needed for exploitation.
  • 8.0
  • 8.1
  • 9
  • 10
  • 11
2023-03-31T14:42:31Z Fix available
ASB-A-140417248
  • Android/System
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege of a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation.
  • 8.0
  • 8.1
  • 9
  • 10
2023-03-31T14:42:31Z Fix available
ASB-A-141745510
  • Android/Framework
In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value. This could lead to local escalation of privilege via tapjacking with no additional execution privileges needed. User interaction is needed for exploitation.
  • 8.0
  • 8.1
  • 9
  • 10
2023-03-31T14:42:31Z Fix available
ASB-A-142125338
  • Android/Framework
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
  • 8.1
  • 9
  • 10
2023-03-31T14:42:31Z Fix available