This could lead to local escalation of privilege with no additional execution privileges needed. In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check.
User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715 This could lead to remote code execution over Bluetooth with no additional execution privileges needed. In reassemble_and_dispatch of packet_, there is possible out of bounds write due to an incorrect bounds calculation. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520 This could lead to a local escalation of privilege with no additional execution privileges needed. It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable.
0 kommentar(er)
