OSV - Open Source Vulnerabilities

ASB-A-261721900

Android/platform/frameworks/base

Bypass CVE-2022-20338

01 Sep

Fix available

ASB-A-293199910

Android/platform/packages/apps/Settings

Android 13 Factory Reset Protection (FRP) Bypass - Hang/Crash Settings App > Share Feedback

01 Sep

Fix available

ASB-A-300904123

Android/platform/packages/services/Telecomm

App can keep its while in use permission forever even if it is in background.

01 Sep

Fix available

ASB-A-324321147

Android/platform/build/soong
Android/platform/frameworks/base
Android/platform/hardware/interfaces
Android/platform/system/sepolicy

Device administration API factory reset can be interrupted by an attacker with physical access (long-term fix)

01 Sep

Fix available

ASB-A-327749022

Android/platform/packages/apps/Settings

(Split 5) (Step 27) - FRP Bypass January 2024 (Android 14)

01 Sep

Fix available

ASB-A-329058967

Android/platform/packages/services/Telecomm

Conference StatusHints allow cross-user image access

01 Sep

Fix available

ASB-A-329641908

Android/platform/frameworks/av

[Out of Bounds Write in kDescribeHdr10PlusInfoIndex case in getConfig in SoftVideoDecoderOMXComponent.cpp in libstagefright_softomx]

01 Sep

Fix available

ASB-A-333364513

Android/platform/packages/apps/Settings

Spoofing `getCallingPackage` or `getCallingActivity` with FLAG_ACTIVITY_FORWARD_RESULT: Discussion on vulnerability pattern and fix suggestions

01 Sep

Fix available

ASB-A-336976105

Android/platform/frameworks/base
Android/platform/packages/modules/Permission
Android/platform/packages/modules/RemoteKeyProvisioning

App can update key attestation keys of other apps and disable AndroidKeyStore key generation feature permanently.

01 Sep

Fix available

ASB-A-341886134

Android/platform/packages/apps/Settings

Account preference would let secondary user manage app restriction on system user

01 Sep

Fix available

ASB-A-342490466

Android/:linux_kernel:

Vulnerability: Local privilege escalation in LTS 6.6.28, COS 109 17800.218.20 (kernelCTF)

01 Sep

Fix available

ASB-A-344620215

Android/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn

Buffer Over-read in WLAN Host Cmn [Q-Case#07257701]

01 Sep

Fix available

ASB-A-344620238

Android/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn

Buffer Over-read in WLAN Host Cmn [Q-Case#07257708]

01 Sep

Fix available

ASB-A-344620292

Android/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn
Android/platform/vendor/qcom-opensource/wlan/qcacld-3.0

Buffer Over-read in WLAN Host Cmn [Q-case#07257732]

01 Sep

Fix available

ASB-A-344620353

Android/:linux_kernel:Qualcomm

Return of Stack Variable Address in Buses

01 Sep

Fix available

ASB-A-344620433

Android/platform/vendor/qcom-opensource/fm-commonsys

Buffer Over-read in FMHost [Q-Case#07257724]

01 Sep

Fix available