This could lead to local escalation of privilege with no additional execution privileges needed. In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715 This could lead to remote code execution over Bluetooth with no additional execution privileges needed.
In reassemble_and_dispatch of packet_, there is possible out of bounds write due to an incorrect bounds calculation.
User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520 This could lead to a local escalation of privilege with no additional execution privileges needed. It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304
User interaction is not needed for exploitation. In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly.
0 kommentar(er)
