Filtered by vendor Google Subscriptions
Filtered by product Android Subscriptions
Total 9280 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-0113 1 Google 1 Android 2026-04-16 9.8 Critical
In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0124 1 Google 1 Android 2026-04-16 7.8 High
There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-20409 3 Google, Mediatek, Mediatk 4 Android, Mt6897, Mt6989 and 1 more 2026-04-16 7.8 High
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
CVE-2026-20411 2 Google, Mediatek 26 Android, Mt6781, Mt6878 and 23 more 2026-04-16 7.8 High
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.
CVE-2026-20412 2 Google, Mediatek 25 Android, Mt6878, Mt6879 and 22 more 2026-04-16 7.8 High
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.
CVE-2026-20417 2 Google, Mediatek 4 Android, Mt6991, Mt6993 and 1 more 2026-04-16 5.3 Medium
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154.
CVE-2026-20435 6 Google, Linuxfoundation, Mediatek and 3 more 40 Android, Yocto, Mt2737 and 37 more 2026-04-16 4.6 Medium
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
CVE-2026-20437 2 Google, Mediatek 6 Android, Mt2718, Mt6899 and 3 more 2026-04-16 4.4 Medium
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843.
CVE-2026-20439 2 Google, Mediatek 6 Android, Mt2718, Mt6899 and 3 more 2026-04-16 4.4 Medium
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.
CVE-2026-20440 2 Google, Mediatek 6 Android, Mt2718, Mt6899 and 3 more 2026-04-16 6.7 Medium
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.
CVE-2026-20441 2 Google, Mediatek 6 Android, Mt2718, Mt6899 and 3 more 2026-04-16 6.7 Medium
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.
CVE-2026-20444 2 Google, Mediatek 47 Android, Mt6739, Mt6761 and 44 more 2026-04-16 6.7 Medium
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
CVE-2026-20429 2 Google, Mediatek 30 Android, Mt6739, Mt6761 and 27 more 2026-04-16 4.4 Medium
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.
CVE-2026-0007 1 Google 1 Android 2026-04-16 7.8 High
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0023 1 Google 1 Android 2026-04-16 7.8 High
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0107 1 Google 1 Android 2026-04-16 8.4 High
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0109 1 Google 1 Android 2026-04-16 7.5 High
In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0112 1 Google 1 Android 2026-04-16 7.4 High
In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0114 1 Google 1 Android 2026-04-16 9.8 Critical
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0115 1 Google 1 Android 2026-04-16 2.1 Low
In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.