google android 12.0 vulnerabilities and exploits

(subscribe to this query)

7.8

CVSSv3

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Google Android 10.0 Google Android 11.0 Google Android 12.0 Google Android 12.1

5.5

CVSSv3

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Google Android 10.0 Google Android 11.0 Google Android 12.0 Google Android 12.1

5.5

CVSSv3

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Google Android 10.0 Google Android 11.0 Google Android 12.01 Github repository available

7

CVSSv3

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional...

Google Android 10.0 Google Android 11.0 Google Android 12.0 Google Android 12.11 Github repository available

7.8

CVSSv3

In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

Google Android 12.0 Google Android 12.1

5.5

CVSSv3

In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Google Android 12.0 Google Android 12.1

7.8

CVSSv3

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product:...

Google Android 12.0 Google Android 12.1

5.5

CVSSv3

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

Google Android 10.0 Google Android 11.0 Google Android 12.0 Google Android 12.1

6.5

CVSSv3

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for...

Google Android 12.0 Google Android 12.1

7.8

CVSSv3

In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

Google Android 10.0 Google Android 11.0 Google Android 12.0 Google Android 12.11 Github repository available

Get Started

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook