Common Vulnerabilities and Exposures (CVE)
CVE-2026-0031
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
CVE-2025-48578
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2026-0034
In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User ...
CVE-2026-0035
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privi...
CVE-2026-0037
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl...
CVE-2026-0038
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2025-48577
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
CVE-2025-48574
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privilege...
CVE-2026-0047
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges...
CVE-2025-48568
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional executi...
CVE-2025-32313
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2025-48636
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User ...
CVE-2024-31328
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of pr...
CVE-2025-47375
Memory corruption while handling different IOCTL calls from the user-space simultaneously.