34 matches found
CVE-2019-2111
In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9...
The vulnerability of the Android operating system, which allows a perpetrator to trigger a service failure or cause other effects
The vulnerability of the netd process in the Android operating system is related to errors in restrictions and stdio streams. Exploiting this vulnerability allows a malicious actor to cause service failures or other effects through a specially created application...
Android netd Denial of Service Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. netd is a network daemon. A security vulnerability exists in netd in versions of Android prior to 2016-08-05, which stems from the program's failure to properly handle tethering a...
CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
Code injection
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
UBUNTU-CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
CVE-2016-3856
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...
CVE-2016-3856
CVE-2016-3856 affects Android’s netd daemon, where versions prior to 2016-08-05 mishandle tethering and stdio streams. The root cause is a handling flaw in tethering/stdio data processing, which can be exploited by a crafted application to cause a denial of service and potentially other unspecifi...
CVE-2016-2060
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a...
CVE-2016-2060
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a...
CVE-2016-2060
CVE-2016-2060 is a local privilege escalation in Qualcomm/netd tethering controls caused by inadequate validation of the upstream interface parameter. FireEye’s analysis and Qualcomm advisories describe that untrusted interface values can be passed through addUpstreamV6Interface to netd, which ul...
Exploiting CVE-2016-2060 on Qualcomm Devices
Mandiant’s Red Team recently discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. The...