CVE-2014-9868

drivers/media/platform/msm/camerav2/sensor/csiphy/msmcsiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bu...

Integer overflow

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

Code injection

drivers/media/platform/msm/camerav2/isp/msmispstatsutil.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualco...

CVE-2014-9872

The CVE-2014-9872 entry concerns the Qualcomm diag driver in Android on Nexus 5 prior to 2016-08-05. The issue is that the diag driver does not ensure unique identifiers in a DCI client table, which could allow a crafted application to escalate privileges. The vulnerability is tied to Android int...

CVE-2014-9873

Integer underflow in drivers/char/diag/diagdci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR55686...

CVE-2015-8940

Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367...

CVE-2014-9874

Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 2013 devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audioutils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and...

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

CVE-2016-3828

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service device hang or reboot via a crafted media file, aka internal bug 28835995...

CVE-2014-9902

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 2013 devices allows remote attackers to execute arbitrary code via a crafted Information Element IE in an 802.11 management frame, aka Android internal bug 28668638 and...

Remote code execution

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870...

CVE-2016-3850

CVE-2016-3850 describes an integer overflow in aboot.c (Qualcomm bootloader) affecting Android devices prior to 2016-08-05, including Nexus 5, 5X, 6P, and 7 (2013). The vulnerability allows privilege escalation via a crafted header field in a boot image. The provided documents do not specify exac...

CVE-2016-3857

CVE-2016-3857 is an Android/Linux kernel privilege-escalation flaw in the ARM OABI compatibility layer present on Nexus 7 (2013) devices prior to 2016-08-05. The issue arises from two bugs in the ARM OABI area that can let local attackers escalate privileges via a crafted app (internal bug 285225...

August 2016 Android Security Bulletin

Google today patched more than three-dozen critical vulnerabilities in Qualcomm components embedded in the Android operating system, all of them allowing attackers to gain a foothold on devices to launch further attacks. The Qualcomm-related patches are among dozens in the monthly Android Securit...

Android MediaTek Wi-Fi boost vulnerability

Android on Android One is a Linux-based open source operating system for Android One smartphone developed by Google and the Open Handset Alliance OHA in the U.S. MediaTek Wi-Fi driver is one of the components of MediaTek Wi-Fi driver. MediaTek Wi-Fi driver is a wireless card driver component...

CVE-2016-3796

The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244...

CVE-2016-3757

The printmaps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237...

CVE-2016-3751

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka interna...

CVE-2014-9801

Multiple integer overflows in lib/libfdt/fdtrw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078...

Design/Logic Flaw

drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm intern...