CVE-2017-17771

In msmisppreparev4l2buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur...

Heap overflow

In the handler for the ioctl command VIDIOCMSMISPDUALHWLPMMODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists...

CVE-2017-11087

libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver...

Race condition

There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver...

CVE-2017-17769

Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver...

CVE-2017-14892

In the function msmpcmhwparams in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asmopensharedio is not checked properly potentially leading to a possible dangling pointer access...

CVE-2017-14876

In msmispifconfigstereo in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params-entriesi.vfeintf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write...

CVE-2017-14877

While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPAIOCQUERYRTTBLINDEX while another sends an ioctl cmd IPAIOCDELRTRULE, a use-after-free conditi...

CVE-2017-15852

Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver...

CVE-2017-15852

CVE-2017-15852 is an information-disclosure vulnerability affecting Qualcomm MSM camera components, specifically an ISPIF/base address exposure in the camera driver (Framebuffer path referenced in Pixel/Qualcomm mappings). The NVD entry describes an information leak of the ISPIF base address that...

CVE-2017-9692

CVE-2017-9692 is tracked in multiple sources with a concrete reference to the Graphics driver in Google device updates, listing DoS (local) as the vulnerability type. The issue is described as a NULL pointer dereference that can occur when an atomic commit is issued on a writeback panel with a NU...

CVE-2017-17771

In msmisppreparev4l2buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur...

CVE-2017-15859

CVE-2017-15859 is a buffer overrun in the Qualcomm Atheros WLAN stack (qcacld-2.0), triggered when QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB carries fewer than 1 byte in the TXPOWER_SCALE_DECR_DB attribute. Affected: Android for MSM, Firefox OS for MSM, and QRD Android devices prior to ...

CVE-2017-9693

CVE-2017-9693 describes a local vulnerability in Android for MSM, Firefox OS for MSM, and QRD Android where the length of the STA_EXT_CAPABILITY attribute value is shorter than StaParams.extn_capability, causing a memcpy from params->ext_capab to StaParams.extn_capability to read extra bytes. ...

CVE-2017-17766

CVE-2017-17766 affects Android/Qualcomm wireless components (MSM stack) and is caused by insufficient validation of num_peers received from firmware, enabling an integer overflow in the buffer allocation size and potentially leading to a buffer overflow. Affected products include Android for MSM,...

CVE-2017-17771

CVE-2017-17771 affects the MSM camera path (msm_isp_prepare_v4l2_buf) in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-02-12. The issue is an array out-of-bounds condition in the buffer preparation routine. The root cause is within the Qualcomm MSM media/camera stack, impacti...

CVE-2017-14876

The CVE-2017-14876 vulnerability affects Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-06-21. The root cause is a lack of bounds checking on params->entries[i].vfe_intf in msm_ispif_config_stereo(), which can lead to a kernel out-of-bounds write. Exploitation status is not...

CVE-2017-17769

CVE-2017-17769 involves information leakage in the Qualcomm component (MSM audio driver; listed as qdsp6v2 in the Pixel bulletin) affecting Android for MSM and related builds. The vulnerability is an information-disclosure issue with confidentiality impact (NVD CVSS3: HIGH, base 5.5) and is categ...

CVE-2017-14877

CVE-2017-14877 affects the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-08-31. Root cause: there is no mutex lock around allocated memory when processing IOCTLs, enabling a use-after-free if IPA_IOC_QUERY_RT_TBL_INDEX and IPA_IOC_DEL_RT_RULE are issued concurre...

CVE-2017-9691

There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver...