CVEs

索引

• 按版本查看 - Android 按版本分类
• 按层级查看 - Kernel/Framework/Native
• 按组件查看 - Binder/PMS/GPU 等
• 按漏洞类型查看 - UAF/OOB/权限提升等

漏洞列表

2025

CVE	CVSS	CWE	层级	组件	概述	ITW
CVE-2025-68260	7.8	CWE-416	Kernel	Binder	Binder driver vulnerability
CVE-2025-48633	7.8	CWE-416	Kernel	Binder	Binder driver vulnerability
CVE-2025-48593	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-48554	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-48545	7.8	CWE-269	Framework	System/Framework	Framework component vulnerability
CVE-2025-48543	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-48535	7.8	CWE-269	Native	System/Core	Native system component vulnerability
CVE-2025-48530	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-48524	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-38352	7.8	CWE-416	Kernel	Kernel/Core	Kernel component vulnerability
CVE-2025-32323	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-27363	8.1	CWE-787	Native	System/FreeType	FreeType font subglyph OOB write → code execution (ITW, zero-click)	⭐
CVE-2025-26464	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-26443	7.8	CWE-269	Framework	System/Framework	Framework component vulnerability
CVE-2025-22432	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-22413	7.8	CWE-787	Kernel	Kernel/Core	Kernel component vulnerability
CVE-2025-20655	5.5	CWE-200	Native	Keystore/TEE	MediaTek Keymaster TEE information disclosure
CVE-2025-0091	7.8	CWE-416	Native	System/Core	Native system component vulnerability
CVE-2025-0078	7.8	CWE-416	Kernel	Kernel/Core	Kernel component vulnerability
CVE-2025-0076	7.8	CWE-269	Framework	System/Framework	Framework privilege escalation

2024

CVE	CVSS	CWE	层级	组件	概述	ITW
CVE-2024-53197	7.8	CWE-787	Kernel	Kernel/ALSA-USB	Linux kernel ALSA USB-audio OOB memory access (ITW, Cellebrite chain)	⭐
CVE-2024-53150	7.1	CWE-125	Kernel	Kernel/ALSA-USB	Linux kernel ALSA USB-audio OOB read (ITW, Cellebrite chain)	⭐
CVE-2024-53104	7.8	CWE-787	Kernel	Kernel/USB-UVC	Linux kernel USB Video Class OOB write (ITW, Cellebrite chain)	⭐
CVE-2024-50302	7.8	CWE-908	Kernel	Kernel/HID	Linux kernel HID core uninitialized buffer → info leak (ITW, Cellebrite chain)	⭐
CVE-2024-49744	7.8	CWE-502	Framework	AMS/AccountManager	AccountManagerService unsafe deserialization → EoP
CVE-2024-49733	5.5	CWE-269	Framework	System/Settings	ServiceListing reload logic error → hide NLS from Settings
CVE-2024-49721	7.8	CWE-269	Framework	Framework/Core	Framework privilege escalation
CVE-2024-45445	5.5	CWE-200	Native	Keystore/TEE	Keystore/TEE information disclosure
CVE-2024-43093	7.8	CWE-22	Framework	Framework/ExternalStorage	ExternalStorageProvider Unicode normalization path traversal (ITW)	⭐
CVE-2024-43090	5.0	CWE-862	Framework	Framework/Core	Missing permission check → cross-user image read
CVE-2024-43081	7.8	CWE-269	Framework	PMS	InstallPackageHelper carrier restriction bypass → EoP
CVE-2024-43080	7.8	CWE-502	Framework	System/Settings	AppRestrictionsFragment unsafe deserialization → EoP (Intent Redirect)
CVE-2024-40660	7.8	CWE-269	Framework	Framework/Core	Framework component privilege escalation
CVE-2024-40652	7.8	CWE-862	Framework	System/Settings	SettingsHomepageActivity missing permission check → EoP during provisioning
CVE-2024-40650	7.8	CWE-862	Framework	System/Settings	Settings FRP bypass via wifi_item_edit_content
CVE-2024-36971	7.8	CWE-416	Kernel	Kernel/Networking	Linux kernel __dst_negative_advice() UAF (ITW, Google TAG)	⭐
CVE-2024-32896	7.8	CWE-269	Framework	Pixel/Firmware	Pixel firmware logic error → privilege escalation (ITW, factory reset interrupt)	⭐
CVE-2024-31320	7.8	CWE-862	Framework	Framework/CDM	CompanionDeviceManager setSkipPrompt bypass
CVE-2024-29779	7.8	CWE-269	Native	Keystore/KeyMint	KeyMint TEE privilege escalation
CVE-2024-29745	5.5	CWE-200	Bootloader	Pixel/Fastboot	Pixel fastboot firmware memory not zeroed → info disclosure (ITW, Cellebrite)	⭐
CVE-2024-20865	6.8	CWE-287	Bootloader	Samsung/Bootloader	Samsung bootloader authentication bypass → flash arbitrary images
CVE-2024-20832	6.7	CWE-787	Bootloader	Samsung/Bootloader	Samsung Little Kernel bootloader heap overflow
CVE-2024-0044	7.8	CWE-20	Framework	PMS	PackageInstallerService installer name injection → run-as bypass (ITW)	⭐
CVE-2024-0025	7.8	CWE-269	Framework	AMS	sendIntentSender logic error → background activity launch

2023

CVE	CVSS	CWE	层级	组件	概述	ITW
CVE-2023-4863	8.8	CWE-787	Native	System/libwebp	libwebp heap buffer overflow in BuildHuffmanTable (ITW)	⭐
CVE-2023-4211	7.8	CWE-416	Kernel	GPU/Mali	ARM Mali GPU driver use-after-free (ITW)	⭐
CVE-2023-21255	7.8	CWE-416	Kernel	Binder	Binder driver use-after-free
CVE-2023-21036	5.5	CWE-200	Framework	System/Markup	aCropalypse — Markup screenshot data not truncated
CVE-2023-20938	7.8	CWE-416	Kernel	Binder	Binder driver use-after-free in binder_transaction

2022

CVE	CVSS	CWE	层级	组件	概述	ITW
CVE-2022-4543	5.5	CWE-281	Kernel	Kernel/Core	EntryBleed — KASLR bypass via prefetch side-channel
CVE-2022-20186	7.8	CWE-787	Kernel	GPU/Mali	ARM Mali GPU driver out-of-bounds write
CVE-2022-0847	7.8	CWE-281	Kernel	Kernel/Core	Dirty Pipe — pipe buffer flag not cleared on splice

2021

CVE	CVSS	CWE	层级	组件	概述	ITW
CVE-2021-1905	7.8	CWE-416	Kernel	GPU/Adreno	Qualcomm Adreno GPU use-after-free (ITW)	⭐
CVE-2021-1048	7.8	CWE-416	Kernel	Kernel/Core	epoll use-after-free in ep_loop_check_proc (ITW)	⭐
CVE-2021-0928	7.8	CWE-416	Kernel	Binder	Parcel deserialization type confusion via OutputConfiguration
CVE-2021-0920	7.8	CWE-416	Kernel	Kernel/AF_UNIX	AF_UNIX garbage collection race condition (ITW, Google TAG)	⭐
CVE-2021-0478	7.8	CWE-269	Framework	PMS	PendingIntent hijack in PackageManagerService