The vulnerability of the Android operating system from the CAF repository exists due to the lack of checks on buffer size, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Android operating system from the CAF repository arises from the lack of checks for buffer sizes in mechanisms designed to protect against malicious software. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and...

The vulnerability in the task management of the 1x Android operating system from the CAF repository allows a attacker to trigger a buffer overflow.

Vulnerability of task management in the 1x Android operating system from the CAF repository. Exploiting this vulnerability can allow a malicious actor to trigger buffer overflows during task processing...

The vulnerability of the Android operating system from the CAF repository exists due to pointer assignment errors, allowing attackers to cause memory corruption.

The vulnerability of the Android operating system from the CAF repository is related to pointer assignment errors. Exploiting this vulnerability can allow a remote attacker to cause memory corruption in the Guest OS...

CVE-2017-9682

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition...

The vulnerability of the CAF repository in the Android operating system allows a hacker to cause the device to freeze.

The vulnerability of the CAF repository in the Android operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause the device to become unresponsive in a “hang” state by utilizing the...

UBUNTU-CVE-2017-8240

In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability...

The vulnerability of the OEM microprogramming software component of Qualcomm Secure Execution Environment allows a perpetrator to trigger a service failure or exert other effects on the system.

The vulnerability of the OEM microprogramming software component of Qualcomm Secure Execution Environment for Android, originating from the CAF repository, is related to buffer overflow attacks. Exploiting this vulnerability can allow a malicious actor to trigger service failures or cause other...

Old Android Flaw Elevates Privileges, Steals SMS, Call Logs

A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The...

Exploiting CVE-2016-2060 on Qualcomm Devices

Mandiant’s Red Team recently discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. The...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

Command injection

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

Code injection

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

CVE-2013-2599

A certain Qualcomm Innovation Center QuIC patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum CAF releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption...

Code Aurora多个产品'CONFIG_STRICT_MEMORY_RWX'安全限制绕过漏洞

BUGTRAQ ID: 65630 CVECAN ID: CVE-2013-4737 Code Aurora Forum是Linux基金会协同项目。 Code Aurora多个项目的CONFIGSTRICTMEMORYRWX功能没有正确考虑某些内存区段，在实现中存在安全漏洞，这可使远程攻击者通过固定位置的RWX内存，利用此漏洞绕过目标访问限制。 0 Code Aurora QRD Android Code Aurora Firefox OS for MSM Code Aurora Android for MSM 厂商补丁： Code Aurora -----------...

Qualcomm Patches Privilege Escalation, DoS Vulnerabilities in Android Devices

Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service DoS attacks. According to notes published earlier today by Michael Orlando, a vulnerability analyst at the United States Computer...