cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
Max CVSS
6.7
Published
2021-12-08
Updated
2022-09-23
EPSS
0.04%

CVE-2021-25489

Known Exploited Vulnerability
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
Max CVSS
5.5
Published
2021-10-06
Updated
2022-09-23
EPSS
0.14%
KEV Added
2023-06-29
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
Max CVSS
7.2
Published
2021-10-06
Updated
2021-10-13
EPSS
0.09%
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
Max CVSS
7.2
Published
2021-10-06
Updated
2021-10-13
EPSS
0.08%
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
Max CVSS
7.2
Published
2021-10-06
Updated
2021-10-13
EPSS
0.04%
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
Max CVSS
6.7
Published
2021-10-06
Updated
2021-10-13
EPSS
0.04%
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.
Max CVSS
7.2
Published
2021-10-06
Updated
2021-10-14
EPSS
0.04%
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
Max CVSS
9.8
Published
2021-09-09
Updated
2022-08-01
EPSS
0.13%
A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
Max CVSS
7.8
Published
2021-06-11
Updated
2021-06-16
EPSS
0.04%
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
Max CVSS
10.0
Published
2021-06-11
Updated
2022-09-23
EPSS
0.12%
An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
Max CVSS
9.8
Published
2021-06-11
Updated
2022-09-23
EPSS
0.11%
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
Max CVSS
9.8
Published
2021-06-11
Updated
2022-09-23
EPSS
0.11%
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
Max CVSS
9.8
Published
2021-06-11
Updated
2022-10-25
EPSS
0.12%
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
Max CVSS
9.8
Published
2021-06-11
Updated
2022-09-23
EPSS
0.12%
In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-197868577
Max CVSS
8.8
Published
2021-12-15
Updated
2021-12-17
EPSS
0.12%
In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621
Max CVSS
7.1
Published
2021-12-15
Updated
2021-12-17
EPSS
0.11%
In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441
Max CVSS
5.0
Published
2021-12-15
Updated
2021-12-17
EPSS
0.04%
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.
Max CVSS
6.7
Published
2021-12-17
Updated
2021-12-22
EPSS
0.04%
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.
Max CVSS
6.7
Published
2021-12-17
Updated
2021-12-22
EPSS
0.04%
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.
Max CVSS
6.7
Published
2021-12-17
Updated
2021-12-22
EPSS
0.04%
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003.
Max CVSS
6.7
Published
2021-12-17
Updated
2021-12-22
EPSS
0.04%
In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-182152757
Max CVSS
6.5
Published
2021-10-06
Updated
2021-10-08
EPSS
0.11%
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.
Max CVSS
6.7
Published
2021-12-17
Updated
2021-12-22
EPSS
0.04%
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154.
Max CVSS
4.4
Published
2021-12-17
Updated
2021-12-22
EPSS
0.04%
In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.
Max CVSS
6.7
Published
2021-11-18
Updated
2021-11-19
EPSS
0.04%
61 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!