EUVD-2016-4869

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-3856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other...

Code injection

drivers/media/platform/msm/camerav2/sensor/csid/msmcsid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm...

CVE-2016-3858

Buffer overflow in drivers/soc/qcom/subsystemrestart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and Qualcomm internal bug...

Code injection

The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897...

Design/Logic Flaw

drivers/mmc/card/mmcblocktest.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479...

UBUNTU-CVE-2014-9884

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740...

UBUNTU-CVE-2016-3856

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631...

UBUNTU-CVE-2015-8937

drivers/char/diag/diagcharcore.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 2013 devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548...

Code injection

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740...

Code injection

arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 2013 devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 a...

Command injection

Off-by-one error in drivers/media/platform/msm/camerav2/sensor/cci/msmcci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm...

UBUNTU-CVE-2014-9900

The ethtoolgetwol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 2013 devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android...

Integer overflow

Multiple integer overflows in lib/libfdt/fdtrw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078...

CVE-2014-9789

The 1 alloc and 2 free APIs in arch/arm/mach-msm/qdsp6v2/msmaudioion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm interna...

UBUNTU-CVE-2014-9789

The 1 alloc and 2 free APIs in arch/arm/mach-msm/qdsp6v2/msmaudioion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm interna...

Integer overflow

Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 2013 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764...

Design/Logic Flaw

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm...