CVE-2017-18157

CVE-2017-18157 is described as a Use After Free condition in the Thermal Engine affecting Snapdragon Automotive, Mobile, and Wear platforms (list includes MDM9206, MDM9607, MDM9650, MSM89xx series, SD 210–835, SDX20, etc.). The connected sources corroborate the presence of a use-after-free in the...

CVE-2017-15841

When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SnapdragonHighMed2016...

CVE-2017-18172

In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD...

CVE-2017-18302

CVE-2017-18302 affects Qualcomm Snapdragon SoCs (MSM8996AU and numerous SD/i variants listed) where a crafted HLOS client can modify in-memory structures passed to a QSEE application between check and use. This leads to arbitrary writes to TZ kernel memory regions, i.e., local elevation of privil...

CVE-2017-18145

CVE-2017-18145 describes a Use-After-Free condition in the DPM native process while handling Android framework events on Qualcomm Snapdragon platforms. The underlying issue is that an iterator pointer is deleted after an event is processed, which can cause a Use After Condition during processing ...