45 matches found
Design/Logic Flaw
In the ADSP RPC driver in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur...
Out-of-bounds
In msm_ispif_config_stereo in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check, which could potentially result in a kernel out-of-bounds write...
CVE-2017-11046
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur...
LG G4 - Touchscreen Driver write_log Kernel Read/Write
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=990 The following function and variations on the same code is used to write to files from kernel code in various touchscreen drivers. This copy is from RefCodeCustomerImplementation.c - I'm unsure which copy is actually being used ...
Sandbox Escape: Linux 3.4+: arbitrary write with CONFIG_X86_X32
asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, unsigned int vlen, unsigned int flags, struct compat_timespec __user *timeout) { int datagrams; struct timespec ktspec; if (flags & MSG_CMSG_COMPAT) return -EINVAL; if (COMPAT_USE_64BIT_TIME) return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg,...