Buffer overflow

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted namelen and valuelen values ar...

Race condition

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API...

CVE-2017-18072

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, S...

CVE-2018-5824

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTTT2HMSGTYPERXFLUSH or HTTT2HMSGTYPERXPNIND messages, a buffer overflow can occur if the tid value obtained from the...

Integer overflow

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the numhwmodes or numphy, then it could result in an...

CVE-2017-15822

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur...

CVE-2018-3584

CVE-2018-3584 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds (CAF) with Linux kernels older than the 2018-04-05 patch level. The issue is a Use After Free in rmnet_usb_ctrl_init(), impacting the rmnet_usb component. In the NVD entry, CVSS v3.0 is 7.5 (HIGH) with netw...

CVE-2018-5821

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wmawowwakeuphostevent, wakeinfo-vdevid is received from FW and is used directly as array index to access wma-interfaces...

Android Security Bulletin—December 2017Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2017-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version. Android partners are...

Android Security Bulletin—October 2017Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of October 05, 2017 or later address all of these issues. To learn how to check a device's security patch level, see Check & update your Android version. Android partners ar...

Android Security Bulletin—February 2017Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air OTA update. The Google device firmware images have also been released to the Google Developer...

Android Security Bulletin—January 2017Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air OTA update. The Google device firmware images have also been released to the Google Developer...

Android Security Bulletin—May 2016Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air OTA update. The Nexus firmware images have also been released to the Google Developer site...