Pixel / Nexus Security Bulletin—November 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-11-05 or later address all issues in this bulletin and all issues in the...

Pixel / Nexus Security Bulletin—October 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-10-05 or later address all issues in this bulletin and all issues in the...

Android Security Bulletin—October 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-10-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

Pixel / Nexus Security Bulletin—September 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-09-05 or later address all issues in this bulletin and all issues in the...

Android Security Bulletin—September 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-09-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVE-2018-5873

An issue was discovered in the nsgetpath function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Andro...

Race condition

An issue was discovered in the nsgetpath function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Andro...

Integer overflow

While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur...

CVE-2018-5872

While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur...

CVE-2018-5898

Integer overflow can occur in msmpcmadspstreamcmdput function if the user supplied data "paramlength" goes beyond certain limit in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...

Integer overflow

While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...

Information disclosure

While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...

CVE-2017-14893

While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android...

CVE-2018-5895

Buffer over-read may happen in wmaprocessutfevent due to improper buffer length validation before writing into parambuf-numwowpacketbuffer in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...

CVE-2017-14872

CVE-2017-14872 describes a potential buffer over-read during flashing of a meta image in CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) when the number of images exceeds the maximum range of 32, before the 2018-06-05 security patch level. The issue is associated with the ...

Pixel / Nexus Security Bulletin—July 2018Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel/Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices Google devices. For Google devices, security patch levels of 2018-07-05 or later address all issues in this bulletin and all issues in the...

Security Bulletin: OpenSource Apache ActiveMQ Vulnerability identified with Jazz for Service Management (JazzSM) v1.1.3 (CVE-2015-5254)

Summary OpenSource Apache ActiveMQ Vulnerability identified with Jazz for Service Management v1.1.3 Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can...

Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031)

Summary Jazz for Service Management JazzSM is affected by an Apache Commons FileUpload vulnerability. JazzSM has addressed this vulnerability Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: JazzSM could allow a remote attacker to execute arbitrary code on the system, caused by...

CVE-2017-6292

In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for...

CVE-2017-6294

In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ. User interaction is not needed for exploitation. This issue is rated as high. Versio...