|
201841
|
7.8 |
HIGH
Local
|
google
|
android
|
In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges neede…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-0699
|
2024-11-21 14:43 |
2022-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201842
|
7.8 |
HIGH
Local
|
google
|
android
|
In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges neede…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2021-0951
|
2024-11-21 14:43 |
2022-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201843
|
7.0 |
HIGH
Local
|
google
|
android
|
In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User int…
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2021-0696
|
2024-11-21 14:43 |
2022-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201844
|
7.8 |
HIGH
Local
|
google
|
android
|
In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-0943
|
2024-11-21 14:43 |
2022-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201845
|
9.8 |
CRITICAL
Network
|
google
|
android
|
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayDa…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-0942
|
2024-11-21 14:43 |
2022-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201846
|
7.8 |
HIGH
Local
|
google
|
android
|
In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2021-0871
|
2024-11-21 14:43 |
2022-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201847
|
7.0 |
HIGH
Local
|
google
|
android
|
In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges ne…
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2021-0697
|
2024-11-21 14:43 |
2022-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201848
|
7.5 |
HIGH
Network
|
google
|
android
|
The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace. The method TLSer…
|
CWE-909
Missing Initialization of Resource
|
CVE-2021-0947
|
2024-11-21 14:43 |
2022-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201849
|
7.5 |
HIGH
Network
|
google
|
android
|
The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method P…
|
CWE-909
Missing Initialization of Resource
|
CVE-2021-0946
|
2024-11-21 14:43 |
2022-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201850
|
7.5 |
HIGH
Network
|
google
|
android
|
An unprivileged app can trigger PowerVR driver to return an uninitialized heap memory causing information disclosure.Product: AndroidVersions: Android SoCAndroid ID: A-236849490
|
CWE-269
Improper Privilege Management
|
CVE-2021-0891
|
2024-11-21 14:43 |
2022-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
