Android suffers from multiple race condition vulnerabilities in the media.metrics service.
06121632506dfafd6c92c75072b912b0
Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service.
aecbddca95d8cb30c1fb09dfe42056f3
Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC.
473c674fc42d6772752e1711e882dd1f
Chromium suffers from an issues where read-only SharedMemory descriptors on Android are writable.
08491d011bf32134fe1395fcf9073825
A Chromium incorrect size calculation when deserializing Mojo "Event" messages can lead to out-of-bounds access.
94356d5538990c64e559c1b0258aa0c0
The keystore binder service ("android.security.IKeystoreService") allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also unprivileged daemons such as "media.codec". A permission bypass vulnerability exists in the KeyStore service due to getpidcon.
6217b7e5a6f72a1a4284d0fb186f9daf
Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service.
29596ace8468f827cee80ea00a7fe425
Android hardware service manager suffers from an arbitrary service replacement issue due to getpidcon.
e737a1fadbe0b195095c2575bb8694b4
The Android MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes.
dcf0633cc886152f7601ff53e754aa73
Broadcom suffers from an information leak vulnerability in ICMPv6 router advertisement offloading.
aeacfa2846109e67de9614fdd20990e3
Broadcom suffers from denial of service and out-of-bounds read vulnerabilities in TCP KeepAlive Offloading.
879a8ac244f3f3230f4a9c7db76d35f4
Broadcom suffers from multiple overflow vulnerabilities when handling 802.11r (FT) Reassociation Response.
1e78093fdd782872ab115f5141a79346
Broadcom suffers from an out-of-bounds write when handling 802.11k Neighbor Report Response.
c66159611f52d4704833cd26af2fd32d
Broadcom suffers from a heap overflow vulnerability when handling 802.11v WNM Sleep Mode Response.
48eb86c5a0494efa869be0836999b41c
Apple products suffers from an information leak when handling WLC_E_COUNTRY_CODE_CHANGED event packets.
18dfa8691803d310aeb0e9d26cfe8d89
The Apple PCIe Message Ring protocol suffers from multiple race conditions that can lead to out-of-bounds read and writes.
bcd86287d34d775562104062a30c316c
Heap overflow and information disclosure vulnerabilities exist in Apple's setVendorIE when handling ioctl results.
3777e2aae23fd65779213ee09ccc433b
Apple products suffer from an issue where an out-of-band NUL byte write occurs when handling WLC_E_TRACE event packets.
2d276b709454a0e3d3f8f98a100310a0
A heap overflow vulnerability exists in Apple's updateRateSetAsyncCallback when handling ioctl results.
1e92daae67494ac51cfa3e9e9cd67bce
There is a heap overflow vulnerability in Apple's assembleBGScanResults when handling ioctl results.
92a298553ffecc17b336c053ef27d831
There is a heap overflow in Apple's AppleBCMWLANCore driver when handling Completed Firmware Timestamp messages (0x27).
9e2eb777a0c25de2a642bb1b840b9f64
Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
9c01feb9f591e95fb6fa6abb1652bfcc
Multiple Android devices do not revoke known-bad QSEE trustlets.
f1989c1a9bceca35c689beccaef68246
Broadcom suffers from a host to dongle information leak via wldev_ioctl.
4920ccd54f1c8e49e101f7bf4b8b956b
Broadcom suffers from multiple memory corruption vulnerabilities in bcmdhd when handling WLFC information.
1403eebce5cd8e3ea8172f5a69f31803