In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local…

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information…

In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial…

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could…

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or…

In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission…

In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information…

In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with…

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could…

In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This…