10 matches found
CVE-2017-17767
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer...
CVE-2017-11056
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault...
CVE-2017-11046
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur...
Old Android Flaw Elevates Privileges, Steals SMS, Call Logs
A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The...
Exploiting CVE-2016-2060 on Qualcomm Devices
Mandiant’s Red Team recently discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. The...
CVE-2013-6124
The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...
Code injection
A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...
Command injection
The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...
CVE-2013-6124
The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...
CVE-2013-2599
A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...