| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2023-30845 | 287 | | Bypass | 2023-04-26 | 2023-05-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases.
ESPv2 allows malicious requests to bypass authentication if both of the following conditions are true: the requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations), and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability.
Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2. |
| 2 | CVE-2023-27579 | 697 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a parameter `filter_input_channel` of less than 1 gives an FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. |
| 3 | CVE-2023-25801 | 415 | | | 2023-03-25 | 2023-04-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| 4 | CVE-2023-25676 | 476 | | | 2023-03-25 | 2023-04-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1. |
| 5 | CVE-2023-25675 | 697 | | | 2023-03-25 | 2023-04-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| 6 | CVE-2023-25674 | 476 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| 7 | CVE-2023-25673 | 697 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 8 | CVE-2023-25672 | 476 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 9 | CVE-2023-25671 | 787 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 10 | CVE-2023-25670 | 476 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 11 | CVE-2023-25669 | 697 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 12 | CVE-2023-25668 | 125 | | Exec Code | 2023-03-25 | 2023-03-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Attackers using TensorFlow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of the user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0, and the commit will also be cherry-picked onto TensorFlow version 2.11.1. |
| 13 | CVE-2023-25667 | 190 | | Overflow | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example a Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 14 | CVE-2023-25666 | 697 | | | 2023-03-25 | 2023-03-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 15 | CVE-2023-25665 | 476 | | | 2023-03-25 | 2023-03-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1. |
| 16 | CVE-2023-25664 | 120 | | Overflow | 2023-03-25 | 2023-03-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| 17 | CVE-2023-25663 | 476 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_container()` is a null pointer, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| 18 | CVE-2023-25662 | 190 | | Overflow | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 19 | CVE-2023-25661 | | | DoS | 2023-03-27 | 2023-04-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability. |
| 20 | CVE-2023-25660 | 476 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference a nullptr, leading to a segfault. A fix is included in TensorFlow version 2.12 and version 2.11.1. |
| 21 | CVE-2023-25659 | 125 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger a stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| 22 | CVE-2023-25658 | 125 | | | 2023-03-25 | 2023-03-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is an out of bounds read in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| 23 | CVE-2023-21419 | | | | 2023-02-09 | 2023-02-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under a certain condition. |
| 24 | CVE-2023-21118 | 125 | | Overflow | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-269014004
| 25 | CVE-2023-21117 | | | Bypass | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-263358101
| 26 | CVE-2023-21116 | | | Exec Code | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-256202273
| 27 | CVE-2023-21112 | 125 | | | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-252763983
| 28 | CVE-2023-21111 | 20 | | DoS | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-256819769
| 29 | CVE-2023-21110 | 400 | | | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-258422365
| 30 | CVE-2023-21109 | | | Exec Code | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-261589597
| 31 | CVE-2023-21107 | 276 | | | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-259385017
| 32 | CVE-2023-21106 | 415 | | Mem. Corr. | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-265016072. References: Upstream kernel
| 33 | CVE-2023-21104 | 276 | | | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-259938771
| 34 | CVE-2023-21103 | | | DoS | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-259064622
| 35 | CVE-2023-21102 | | | Exec Code Bypass | 2023-05-15 | 2023-05-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-260821414. References: Upstream kernel
| 36 | CVE-2023-21100 | 787 | | Overflow | 2023-04-19 | 2023-04-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-242544249
| 37 | CVE-2023-21099 | | | Exec Code | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-243377226
| 38 | CVE-2023-21098 | | | Exec Code | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-260567867
| 39 | CVE-2023-21097 | 610 | | | 2023-04-19 | 2023-04-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-261858325
| 40 | CVE-2023-21096 | 416 | | Exec Code | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-254774758
| 41 | CVE-2023-21094 | 862 | | | 2023-04-19 | 2023-04-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-248031255
| 42 | CVE-2023-21093 | 22 | | Dir. Trav. | 2023-04-19 | 2023-04-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-228450832
| 43 | CVE-2023-21092 | | | | 2023-04-19 | 2023-04-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-242040055
| 44 | CVE-2023-21091 | 862 | | DoS | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-257954050
| 45 | CVE-2023-21090 | 400 | | DoS | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-259942609
| 46 | CVE-2023-21089 | | | | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-237766679
| 47 | CVE-2023-21088 | | | Exec Code Bypass | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-235823542
| 48 | CVE-2023-21087 | | | DoS | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-261723753
| 49 | CVE-2023-21086 | | | Bypass | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-238298970
| 50 | CVE-2023-21085 | 787 | | Exec Code | 2023-04-19 | 2023-04-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-264879662