Total
34371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21218 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21217 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21215 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21166 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21164 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21163 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21145 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20942 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20820 | 2 Mediatek, Openwrt | 14 Mt6890, Mt7603, Mt7612 and 11 more | 2024-11-21 | 7.2 High |
| In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189. | ||||
| CVE-2023-20810 | 3 Google, Linux, Mediatek | 54 Android, Linux Kernel, Mt5221 and 51 more | 2024-11-21 | 4.4 Medium |
| In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. | ||||
| CVE-2023-20800 | 3 Google, Linuxfoundation, Mediatek | 9 Android, Yocto, Mt6879 and 6 more | 2024-11-21 | 6.5 Medium |
| In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955. | ||||
| CVE-2023-20789 | 2 Google, Mediatek | 12 Android, Mt6789, Mt6835 and 9 more | 2024-11-21 | 4.4 Medium |
| In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193. | ||||
| CVE-2023-20782 | 2 Google, Mediatek | 57 Android, Mt6580, Mt6731 and 54 more | 2024-11-21 | 4.4 Medium |
| In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103. | ||||
| CVE-2023-20780 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6731 and 53 more | 2024-11-21 | 4.4 Medium |
| In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756. | ||||
| CVE-2023-20598 | 1 Amd | 107 Radeon Pro W5500, Radeon Pro W5700, Radeon Pro W6300 and 104 more | 2024-11-21 | 7.8 High |
| An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. | ||||
| CVE-2023-20596 | 1 Amd | 128 Ryzen 3 5125c, Ryzen 3 5125c Firmware, Ryzen 3 5300g and 125 more | 2024-11-21 | 9.8 Critical |
| Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | ||||
| CVE-2023-20592 | 2 Amd, Redhat | 141 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 138 more | 2024-11-21 | 6.5 Medium |
| Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. | ||||
| CVE-2023-20589 | 1 Amd | 244 4700s, 4700s Firmware, Athlon Gold 3150c and 241 more | 2024-11-21 | 6.8 Medium |
| An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. | ||||
| CVE-2023-20586 | 1 Amd | 1 Radeon Software | 2024-11-21 | 9.8 Critical |
| A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations | ||||
| CVE-2023-20562 | 3 Amd, Linux, Microsoft | 4 Amd Uprof, Uprof Tool, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | ||||