612 matches found
CVE-2019-10540
...
CVE-2017-0781
A remote code execution vulnerability in the Android system bluetooth. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105...
dirtyc0w
A race condition in the Linux kernel's handling of copy-on-write COW operations means that users can gain write access to otherwise read-only areas of memory and gain permissions...
Metaphor
A remote-access exploit that uses a vulnerability in libstagefright...
CVE-2016-10277
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing...
Qualcomm acdb audio buffer overflow
The acdb audio driver provides an ioctl system call interface to user space clients for communication. When processing arguments passed to the ioctl handler, a user space supplied size is used to copy as many bytes from user space to a local stack buffer without proper bounds checking. An...
TowelRoot
The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification...
QSEE privilege escalation
A vulnerability in the driver for Qualcomm's Trusted Excecution Environment allows code execution in this environment...
QSEECOM driver
A Linux kernel privilege escalation vulnerability allows arbitrary code to be executed within the kernel...
Qualcomm Integer oveflow diagnostics
QCIR-2012-00001-1: Multiple security vulnerabilities have been discovered in the handling of the diagcharioctl and kgslioctl system call parameters for the diagnostics DIAG and KGSL graphics kernel drivers for Android...
CVE-2015-6639
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875...
CVE-2019-10539
...
Qualcomm missing checks put_user get_user
Missing access checks in putuser/getuser kernel API CVE-2013-6282 QCIR-2013-00010-1: The getuser and putuser API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This functionality was originally implemented and controlled by the domain...
CVE-2019-10492
...
CVE-2015-3636
The pingunhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service use-after-free and system crash by leveraging the ability to make a...
CVE-2019-11516
...
WebKit Use-After-Free
A vulnerability in the WebKit browser engine allows a malicious webpage to perform remote code execution...
mempodroid - mempodripper - mem exploit
The memwrite function in the Linux kernel does not properly check permissions, allowing a user to gain privileges...
CVE-2019-2130
...
Android Browser Exploit WebKit
A series of vulnerabilities in XSL in WebKit that allow denial of service and other effects...
libperf_event
The perfsweventinit function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perfeventopen system call...
CVE-2017-0782
A remote code execution vulnerability in the Android system bluetooth. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237...
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."...
CVE-2015-1538
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related...
Stagefright
Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have...
CVE-2016-3951
Double free vulnerability in drivers/net/usb/cdcncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service system crash or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor...
CVE-2019-2308
...
CVE-2015-1805
The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or possibly gain privileges via a...
Use-After-Free Remote
WebKit does not properly validate floating-point data in Android versions prior to 2.2, which allows a remote arbitrary code execution attack to occur through a crafted HTML page...
CVE-2017-9417
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue...
CVE-2015-3864
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an...
CVE-2013-7446
Use-after-free vulnerability in net/unix/afunix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AFUNIX socket permissions or cause a denial of service panic via crafted epollctl calls...
PingPongRoot
Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets...
sock_sendpage
A vulnerability in the kernel allows local users to gain privileges due to function pointers not being initialised. According to one source, Android versions up to 3.2.6 are vulnerable...
CVE-2016-2108
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service buffer underflow and memory corruption via an ANY field in crafted serialized data, aka the "negative zero" issue...
CVE-2017-8890
The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept system call...
pipe inatomic
The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or possibly gain privileges via a...
CVE-2016-10339
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore...
CVE-2016-7911
Race condition in the gettaskioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service use-after-free via a crafted ioprioget system call...
CVE-2016-5340
The isashmemfile function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center QuIC Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem...
CVE-2019-2107
In ihevcdparsepps of ihevcdparseheaders.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...
CVE-2017-0510
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
CVE-2016-2504
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 2013 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974...
CVE-2017-11120
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204...
CVE-2016-10275
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...
CVE-2016-4470
The keyrejectandlink function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service system crash via vectors involving a crafted keyctl request2 command...
CVE-2016-7910
Use-after-free vulnerability in the diskseqfstop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed...
CVE-2016-0758
Integer overflow in lib/asn1decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data...
Qualcomm TrustZone
An exploit which allows code execution within the TrustZone kernel. This may allow capturing of secret keys, disabling of hardware protection and unlocking locked bootloaders...
prctl_set_vma_anon_name
An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel...