CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-33911
https://notcve.org/view.php?id=CVE-2023-33911
In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21260
https://notcve.org/view.php?id=CVE-2023-21260
In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation. • https://source.android.com/security/bulletin/aaos/2023-07-01 • CWE-346: Origin Validation Error •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 1CVE-2023-21400
https://notcve.org/view.php?id=CVE-2023-21400
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://www.openwall.com/lists/oss-security/2023/07/14/2 http://www.openwall.com/lists/oss-security/2023/07/19/2 http://www.openwall.com/lists/oss-security/2023/07/19/7 http://www.openwall.com/lists/oss-security/2023/07/25/7 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0012 https://source.android.com • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21255
https://notcve.org/view.php?id=CVE-2023-21255
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/kernel/common/+/1ca1130ec62d https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0010 https://source.android.com/security/bulletin/2023-07-01 https://www.debian.org/security/2023/dsa-5480 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.1EPSS: 0%CPEs: 17EXPL: 0CVE-2022-48451
https://notcve.org/view.php?id=CVE-2022-48451
In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •