In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. This could lead to local…

In the Audio HAL, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege…

In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. This…

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege…

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with…

In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the…

In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with…

In ActivityManager, there is a possible way to check another process’s capabilities due to a missing permission check. This could lead to local information disclosure…

In ActivityManager, there is a way to read process state for other users due to a missing permission check. This could lead to local information…

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. This could lead to local escalation of privilege…