Android Os Security Vulnerabilities
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be...
7.5CVSS
7.1AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to...
7.8CVSS
7.3AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping....
7.8CVSS
7.1AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap...
7.8CVSS
7.1AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free...
7.8CVSS
7.2AI Score
0.001EPSS
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified...
9.8CVSS
9.5AI Score
0.003EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can...
9.8CVSS
8.5AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can...
9.8CVSS
7.7AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE...
7.8CVSS
7.1AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly...
9.8CVSS
7.8AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly...
9.8CVSS
7.6AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially...
7CVSS
6.5AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization...
9.8CVSS
7.7AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become...
9.8CVSS
7.7AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially...
7.8CVSS
7.4AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during...
9.8CVSS
7.7AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly...
9.8CVSS
7.8AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in...
7.8CVSS
7.1AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function...
7.8CVSS
7.5AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to...
9.8CVSS
7.7AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct...
7.8CVSS
7.1AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free...
7CVSS
6.4AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow...
7.8CVSS
7.4AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function...
7CVSS
6.5AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in...
9.8CVSS
8.8AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg...
7.8CVSS
7.3AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer...
7CVSS
6.5AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possible in fw_name_store if image name is 64...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel...
7.8CVSS
7AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than...
5.3CVSS
5AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel...
7.8CVSS
7.1AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware...
9.8CVSS
8.9AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left...
7.8CVSS
7.1AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free...
7CVSS
6.4AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory...
7.8CVSS
7.1AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free...
7CVSS
6.4AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free...
7.5CVSS
7.2AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer...
7CVSS
6.5AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will...
7.8CVSS
7.4AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can...
5.3CVSS
5AI Score
0.001EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access...
7.8CVSS
7.1AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun...
7.8CVSS
7.2AI Score
0.0004EPSS
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption...
9.8CVSS
8.7AI Score
0.001EPSS
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN...
7.5CVSS
7.3AI Score
0.001EPSS