The Android Open Source Project

100 exploits Active since May 2014
CVE-2016-8479 GITHUB HIGH c WORKING POC
Android Kernel <3.18 - Privilege Escalation
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687.
8 stars
CVSS 7.8
CVE-2016-8460 GITHUB MEDIUM c WORKING POC
Android Kernel 3.10 - Info Disclosure
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460.
8 stars
CVSS 5.5
CVE-2016-8434 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855.
8 stars
CVSS 7.0
CVE-2016-8431 GITHUB HIGH c WORKING POC
Android Kernel 3.18 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431.
8 stars
CVSS 7.8
CVE-2016-8430 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430.
8 stars
CVSS 7.8
CVE-2016-8429 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429.
8 stars
CVSS 7.8
CVE-2016-8428 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428.
8 stars
CVSS 7.8
CVE-2016-8427 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427.
8 stars
CVSS 7.8
CVE-2016-8425 GITHUB HIGH c WORKING POC
Android Kernel 3.10 - Privilege Escalation
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425.
8 stars
CVSS 7.8
CVE-2016-6736 GITHUB HIGH c WORKING POC
Android < 7.0 - Elevation of Privilege via NVIDIA GPU Driver
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736.
8 stars
CVSS 7.8
CVE-2016-6735 GITHUB HIGH c WORKING POC
Android < 2016-11-05 - Elevation of Privilege in NVIDIA GPU Driver
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735.
8 stars
CVSS 7.8
CVE-2016-6734 GITHUB HIGH c WORKING POC
Android < 7.0 - Elevation of Privilege via NVIDIA GPU Driver
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734.
8 stars
CVSS 7.8
CVE-2016-6733 GITHUB HIGH c WORKING POC
Android < 2016-11-05 - Elevation of Privilege via NVIDIA GPU Driver
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733.
8 stars
CVSS 7.3
CVE-2016-6732 GITHUB HIGH c WORKING POC
Android < 7.0 - Privilege Escalation via NVIDIA GPU Driver
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732.
8 stars
CVSS 7.3
CVE-2016-6731 GITHUB HIGH c WORKING POC
Android < 7.0 - Elevation of Privilege via NVIDIA GPU Driver
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731.
8 stars
CVSS 7.3
CVE-2016-6730 GITHUB HIGH c WORKING POC
Android < 7.0 - Elevation of Privilege in NVIDIA GPU Driver
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730.
8 stars
CVSS 7.3
CVE-2016-3818 GITHUB MEDIUM c WORKING POC
Android libc - Denial of Service via Crafted File
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.
8 stars
CVSS 5.5
CVE-2016-3747 GITHUB HIGH c WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-07-01 - Privilege Escalation
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27903498.
8 stars
CVSS 7.8
CVE-2024-40676 NOMISEC HIGH WRITEUP
Android - Local Privilege Escalation via Confused Deputy in AccountManagerService
In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
1 stars
CVSS 7.7
CVE-2023-21285 NOMISEC MEDIUM STUB
Android - Local Information Disclosure via MediaSessionRecord setMetadata
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
1 stars
CVSS 5.5
CVE-2021-0339 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via WindowContainer Animation Handling
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-145728687
1 stars
CVSS 7.8
CVE-2021-0472 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via App Pinning Permissions Bypass
In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-176801033
1 stars
CVSS 7.8
CVE-2020-0162 NOMISEC MEDIUM WRITEUP
Android 10 - Denial of Service via MPEG4Extractor.cpp parseSampleAuxiliaryInformationOffsets
In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959
CVSS 6.5
CVE-2021-0437 GITLAB HIGH WRITEUP
Android - Double Free in DrmPlugin.cpp
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330
CVSS 7.8
CVE-2021-0435 GITLAB HIGH WRITEUP
Android - Remote Information Disclosure via Uninitialized Data in avrc_proc_vendor_command
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451
CVSS 7.5