Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20625 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2023-03-12 | N/A | 6.4 MEDIUM |
| In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628532; Issue ID: ALPS07628532. | |||||
| CVE-2023-20611 | 2 Google, Mediatek | 39 Android, Mt6580, Mt6731 and 36 more | 2023-02-14 | N/A | 6.4 MEDIUM |
| In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678. | |||||
| CVE-2023-20610 | 2 Google, Mediatek | 23 Android, Mt6761, Mt6765 and 20 more | 2023-02-14 | N/A | 6.4 MEDIUM |
| In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469. | |||||
| CVE-2023-20607 | 2 Google, Mediatek | 4 Android, Mt6765, Mt6768 and 1 more | 2023-02-14 | N/A | 6.4 MEDIUM |
| In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839. | |||||
| CVE-2022-32643 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-02-13 | N/A | 6.4 MEDIUM |
| In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. | |||||
| CVE-2022-32642 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2023-02-13 | N/A | 6.4 MEDIUM |
| In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. | |||||
| CVE-2022-23005 | 2 Jedec, Westerndigital | 4 Universal Flash Storage, Inand Eu311 Mobile Mc Ufs, Inand Eu312 Automotive Xa At Ufs and 1 more | 2023-02-08 | N/A | 8.7 HIGH |
| Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers. | |||||
| CVE-2022-32648 | 2 Google, Mediatek | 14 Android, Mt6735, Mt6737 and 11 more | 2023-01-09 | N/A | 6.4 MEDIUM |
| In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535964; Issue ID: ALPS06535964. | |||||
| CVE-2022-32645 | 2 Google, Mediatek | 19 Android, Mt6789, Mt6833 and 16 more | 2023-01-09 | N/A | 4.1 MEDIUM |
| In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477. | |||||
| CVE-2022-32644 | 2 Google, Mediatek | 19 Android, Mt6789, Mt6833 and 16 more | 2023-01-09 | N/A | 6.4 MEDIUM |
| In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494473; Issue ID: ALPS07494473. | |||||
| CVE-2022-32609 | 2 Google, Mediatek | 32 Android, Mt6762, Mt6768 and 29 more | 2022-11-10 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410. | |||||
| CVE-2022-32610 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2022-11-10 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. | |||||
| CVE-2022-32612 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2022-11-10 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500. | |||||
| CVE-2022-32613 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2022-11-10 | N/A | 6.4 MEDIUM |
| In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS07206340. | |||||
| CVE-2021-41213 | 1 Google | 1 Tensorflow | 2022-10-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2022-26473 | 2 Google, Mediatek | 11 Android, Mt6789, Mt6855 and 8 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. | |||||
| CVE-2022-26452 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In isp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262305; Issue ID: ALPS07262305. | |||||
| CVE-2020-25668 | 3 Debian, Linux, Netapp | 26 Debian Linux, Linux Kernel, 500f and 23 more | 2022-08-05 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | |||||
| CVE-2022-1931 | 1 Trudesk Project | 1 Trudesk | 2022-06-08 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
| CVE-2018-4027 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2022-06-07 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. | |||||