July 10, 2018—KB4338830 (Monthly Rollup)

July 10, 2018—KB4338830 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4284852 released June 21, 2018 and addresses the following issues: Provides protections from an additional subclass of speculative execution side-channel...

Huawei Mate 9 Pro Mali Double Free Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei Mate 9 Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Mali GPU...

FreeBSD -- Mishandling of x86 debug exceptions

Problem Description: The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the...

Huawei P8 wkupccpu debugfs Kernel Buffer Overflow Vulnerability

Exploit for hardware platform in category dos / poc Vulnerability Summary The following advisory describes a buffer overflow found in Huawei P8 Lite ALE-21 HI621sft, operating system versions EMUI 3.1 – wkupccpu debugfs driver. Huawei Technologies Co. Ltd. is “a multinational networking and...

Out-of-bounds

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...

Updated kernel-tmb packages fixes security and other bugs

This kernel-tmb update is based on upstream 4.9.43 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to cod...

Multiple vulnerabilities in Google Android Qualcomm components (CNVD-2017-14387)

Android is a free and open-source Linux-based operating system used primarily on mobile devices. Multiple vulnerabilities exist in the Google Android Qualcomm component. An attacker can exploit the vulnerabilities to obtain sensitive information and execute arbitrary code with elevated privileges...

CVE-2017-6248

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A...

Privilege escalation

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2017-0648

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the...

Android kernel FIQ debugger elevation of privilege vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. kernel FIQ debugger is one of the kernel debugger components. An elevation of privilege vulnerability exists in the kernel FIQ debugger in Android. An attacker can exploit this...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Qualcomm Android operating system’s camera driver is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Qualcomm Android operating system’s audio driver is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...

Vulnerability of NVIDIA GPU operating system drivers for Android, allowing attackers to execute arbitrary code

The vulnerability of NVIDIA GPU operating system drivers for Android is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “critical” due to the possibility of...

The vulnerability of the Qualcomm Wi-Fi driver for the Android operating system allows a hacker to execute arbitrary code.

The vulnerability of Qualcomm Wi-Fi driver in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...

Vulnerability of NVIDIA GPU operating system drivers for Android, allowing attackers to execute arbitrary code

The vulnerability of NVIDIA GPU operating system drivers for Android is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “critical” due to the possibility of...

The vulnerability of the audio driver of Qualcomm’s Android operating system allows a hacker to execute arbitrary code.

The vulnerability of the Qualcomm Android operating system’s audio driver is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...

CVE-2017-0621

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2017-0620

An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android...

CVE-2017-0608

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...