Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability

The Code Aurora audio calibration database acdb audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android...

VulnCheck KEV: CVE-2013-2597

The Code Aurora audio calibration database acdb audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android...

CVE-2017-17767

In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer...

CVE-2017-11056

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault...

CVE-2017-11046

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur...

CVE-2017-9682

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition...

UBUNTU-CVE-2017-8240

In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability...

Old Android Flaw Elevates Privileges, Steals SMS, Call Logs

A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The...

Exploiting CVE-2016-2060 on Qualcomm Devices

Mandiant’s Red Team recently discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. The...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

Command injection

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

Code injection

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

CVE-2013-2599

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

Code Aurora多个产品'CONFIG_STRICT_MEMORY_RWX'安全限制绕过漏洞

BUGTRAQ ID: 65630 CVECAN ID: CVE-2013-4737 Code Aurora Forum是Linux基金会协同项目。 Code Aurora多个项目的CONFIGSTRICTMEMORYRWX功能没有正确考虑某些内存区段，在实现中存在安全漏洞，这可使远程攻击者通过固定位置的RWX内存，利用此漏洞绕过目标访问限制。 0 Code Aurora QRD Android Code Aurora Firefox OS for MSM Code Aurora Android for MSM 厂商补丁： Code Aurora -----------...

Qualcomm Patches Privilege Escalation, DoS Vulnerabilities in Android Devices

Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service DoS attacks. According to notes published earlier today by Michael Orlando, a vulnerability analyst at the United States Computer...