16 matches found
CVE-2018-11919
Technical details (affected products, root cause, impact, and fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2018-3574
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the IONFLAGSECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which...
CVE-2017-15851
Lack of copyfromuser and information leak in function "msmoissubdevdoioctl, file msmois.c can lead to a camera crash in all Android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the Linux kernel...
Design/Logic Flaw
Lack of copyfromuser and information leak in function "msmoissubdevdoioctl, file msmois.c can lead to a camera crash in all Android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the Linux kernel...
CVE-2017-15851
Lack of copyfromuser and information leak in function "msmoissubdevdoioctl, file msmois.c can lead to a camera crash in all Android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the Linux kernel...
CVE-2017-18159
CVE-2017-18159 affects CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The issue is an out-of-bounds access when processing a StrHwPlatform whose length is smaller than EFICHIPINFO_MAX_ID_LENGTH, leading to a local, high-severity impact (CVSS 2.0/3.0:...
CVE-2018-5890
If the fdttotalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...
CVE-2018-5848
In the function wmisetie, the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ielen' argument can cause a buffer overflow in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android using the Linux Kernel...
Out-of-bounds
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msmflashsubdevdoioctl of drivers/media/platform/msm/camerav2/sensor/flash/msmflash.c, there is a possible out of bounds read if flashdata.cfgtype is CFGFLASHINIT due to improper inpu...
CVE-2018-3561
CVE-2018-3561 is a Qualcomm Diagchar-related issue affecting Android on MSM devices. The root cause is a race condition in diag_ioctl_lsm_deinit() that leads to a Use-After-Free condition. The vulnerability is characterized as Elevation of Privilege (EoP) with local access requirements and high i...
CVE-2017-18068
CVE-2017-18068 involves an improper buffer length calculation in wma_roam_scan_filter() that can cause a buffer overflow. Affected are Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF with the Linux kernel. The issue is classified as EoP/High-impact (CVSS v3.0: 7.8) with loca...
Buffer overflow
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 buffer overflow occurs...
CVE-2017-11014
CVE-2017-11014 describes a buffer overflow in the Android/CAF/Linux kernel stack when parsing a Measurement Request IE in a Roam Neighbor Action Report. Affected products include Android for MSM, Firefox OS for MSM, and QRD Android with CAF Linux kernel releases. The CVSS data indicates high impa...
Race condition
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diagdbgfsreadtable...
CVE-2017-11059
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow...
CVE-2016-5863
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses...