Android • Most viewed

612 matches found

android • added 2019/08/01 12:00 a.m. • 255 views

CVE-2019-10540

...

CVSS 10 • AI score 0.8 • EPSS 0.00306
Exploits 0 • References 3

android • added 2017/09/01 12:00 a.m. • 170 views

CVE-2017-0781

A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105...

CVSS 8.3 • AI score 7.6 • EPSS 0.42427
Exploits 13 • References 5 • Affected Software 1

android • added 2016/10/13 12:00 a.m. • 153 views

dirtyc0w

A race condition in the Linux kernel's handling of copy-on-write (COW) operations means that users can gain write access to otherwise read-only areas of memory and gain permissions...

CVSS 7.2 • AI score 4.4 • EPSS 0.93929
Exploits 78 • References 5 • Affected Software 1

android • added 2019/07/09 12:00 a.m. • 145 views

Metaphor

A remote-access exploit that uses a vulnerability in libstagefright...

CVSS 10 • AI score 1.7 • EPSS 0.90266
Exploits 6 • References 3 • Affected Software 1

android • added 2017/05/01 12:00 a.m. • 113 views

CVE-2016-10277

An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing...

CVSS 9.3 • AI score 8.5 • EPSS 0.44367
Exploits 5 • References 3

android • added 2014/06/05 12:00 a.m. • 111 views

TowelRoot

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification...

CVSS 7.2 • AI score 6.5 • EPSS 0.75331
Exploits 15 • References 5 • Affected Software 1

android • added 2013/05/08 12:00 a.m. • 108 views

Qualcomm acdb audio buffer overflow

The acdb audio driver provides an ioctl system call interface to user space clients for communication. When processing arguments passed to the ioctl handler, a user space supplied size is used to copy as many bytes from user space to a local stack buffer without proper bounds checking. An...

CVSS 7.2 • AI score 2.3 • EPSS 0.06103
Exploits 0 • References 2

android • added 2015/09/27 12:00 a.m. • 104 views

QSEE privilege escalation

A vulnerability in the driver for Qualcomm's Trusted Execution Environment allows code execution in this environment...

CVSS 9.3 • AI score 4.6 • EPSS 0.04992
Exploits 3 • References 2 • Affected Software 1

android • added 2014/09/24 12:00 a.m. • 95 views

QSEECOM driver

A Linux kernel privilege escalation vulnerability allows arbitrary code to be executed within the kernel...

CVSS 7.2 • AI score 4.5 • EPSS 0.03454
Exploits 4 • References 2

android • added 2016/01/01 12:00 a.m. • 81 views

CVE-2015-6639

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875...

CVSS 9.3 • AI score 9 • EPSS 0.04992
Exploits 3 • References 2 • Affected Software 1

android • added 2019/08/01 12:00 a.m. • 78 views

CVE-2019-10539

...

CVSS 10 • AI score 0.8 • EPSS 0.00427
Exploits 0 • References 3

android • added 2019/08/01 12:00 a.m. • 76 views

CVE-2019-10492

...

CVSS 7.2 • AI score 0.8 • EPSS 0.00017
Exploits 0 • References 3

android • added 2013/09/06 12:00 a.m. • 76 views

Qualcomm missing checks put_user get_user

Missing access checks in put_user/get_user kernel API CVE-2013-6282 QCIR-2013-00010-1: The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This functionality was originally implemented and controlled by the domain...

CVSS 7.2 • AI score 1.6 • EPSS 0.6765
Exploits 9 • References 3

android • added 2015/09/01 12:00 a.m. • 70 views

CVE-2015-3636

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a...

CVSS 4.9 • AI score 6.4 • EPSS 0.0304
Exploits 6 • References 3 • Affected Software 1

android • added 2019/08/01 12:00 a.m. • 68 views

CVE-2019-11516

...

CVSS 6.8 • AI score 0.8 • EPSS 0.0034
Exploits 0 • References 2

android • added 2019/08/01 12:00 a.m. • 67 views

CVE-2019-2130

...

CVSS 10 • AI score 0.8 • EPSS 0.01098
Exploits 0 • References 4 • Affected Software 1

android • added 2019/07/03 12:00 a.m. • 67 views

WebKit Use-After-Free

A vulnerability in the WebKit browser engine allows a malicious webpage to perform remote code execution...

CVSS 10 • AI score 3.1 • EPSS 0.52397
Exploits 1 • References 2 • Affected Software 1

android • added 2015/07/21 12:00 a.m. • 61 views

Stagefright

Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have...

CVSS 10 • AI score 4.2 • EPSS 0.87202
Exploits 6 • References 10 • Affected Software 1

android • added 2011/02/22 12:00 a.m. • 61 views

Android Browser Exploit WebKit

A series of vulnerabilities in XSL in WebKit that allow denial of service and other effects...

CVSS 6.8 • AI score 3.5 • EPSS 0.01505
Exploits 1 • References 5 • Affected Software 1

android • added 2016/09/01 12:00 a.m. • 60 views

CVE-2016-3951

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor...

CVSS 4.9 • AI score 6 • EPSS 0.00062
Exploits 0 • References 4

android • added 2016/04/02 12:00 a.m. • 59 views

CVE-2015-1805

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a...

CVSS 7.2 • AI score 6.5 • EPSS 0.09009
Exploits 3 • References 2 • Affected Software 1

android • added 2015/08/01 12:00 a.m. • 59 views

CVE-2015-1538

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related...

CVSS 10 • AI score 8.2 • EPSS 0.87202
Exploits 6 • References 4 • Affected Software 1

android • added 2019/07/01 12:00 a.m. • 58 views

CVE-2019-2308

...

CVSS 7.2 • AI score 0.8 • EPSS 0.00035
Exploits 0 • References 3

android • added 2017/09/01 12:00 a.m. • 58 views

CVE-2017-0782

A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237...

CVSS 8.3 • AI score 7.6 • EPSS 0.28595
Exploits 2 • References 6 • Affected Software 1

android • added 2010/11/14 12:00 a.m. • 58 views

Use-After-Free Remote

WebKit does not properly validate floating-point data in Android versions prior to 2.2, which allows a remote arbitrary code execution attack to occur through a crafted HTML page...

CVSS 9.3 • AI score 6.5 • EPSS 0.78649
Exploits 13 • References 2 • Affected Software 1

android • added 2019/07/08 12:00 a.m. • 57 views

libperf_event

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call...

CVSS 7.2 • AI score 6.6 • EPSS 0.65851
Exploits 15 • References 3 • Affected Software 1

android • added 2016/11/01 12:00 a.m. • 57 views

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."...

CVSS 7.2 • AI score 4.6 • EPSS 0.93929
Exploits 78 • References 4

android • added 2012/01/24 12:00 a.m. • 57 views

mempodroid - mempodripper - mem exploit

The mem_write function in the Linux kernel does not properly check permissions, allowing a user to gain privileges...

CVSS 6.9 • AI score 4.7 • EPSS 0.64291
Exploits 11 • References 3 • Affected Software 1

android • added 2015/09/01 12:00 a.m. • 55 views

CVE-2015-3864

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an...

CVSS 10 • AI score 8.1 • EPSS 0.90266
Exploits 6 • References 3 • Affected Software 1

android • added 2017/09/01 12:00 a.m. • 54 views

CVE-2017-8890

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call...

CVSS 7.2 • AI score 7 • EPSS 0.00403
Exploits 5 • References 3

android • added 2017/07/01 12:00 a.m. • 54 views

CVE-2017-9417

Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue...

CVSS 7.5 • AI score 8.1 • EPSS 0.42598
Exploits 1 • References 3

android • added 2009/08/13 12:00 a.m. • 54 views

sock_sendpage

A vulnerability in the kernel allows local users to gain privileges due to function pointers not being initialised. According to one source, Android versions up to 3.2.6 are vulnerable...

CVSS 7.2 • AI score 6.5 • EPSS 0.17556
Exploits 17 • References 5 • Affected Software 1

android • added 2018/07/01 12:00 a.m. • 53 views

CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue...

CVSS 10 • AI score 8.5 • EPSS 0.36957
Exploits 1 • References 2

android • added 2015/05/08 12:00 a.m. • 53 views

PingPongRoot

Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets...

CVSS 4.9 • AI score 4.1 • EPSS 0.0304
Exploits 6 • References 4

android • added 2016/11/01 12:00 a.m. • 52 views

CVE-2016-7911

Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call...

CVSS 9.3 • AI score 6.5 • EPSS 0.00227
Exploits 0 • References 3

android • added 2016/09/01 12:00 a.m. • 52 views

CVE-2013-7446

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls...

CVSS 5.4 • AI score 4.4 • EPSS 0.00022
Exploits 1 • References 3

android • added 2017/03/01 12:00 a.m. • 51 views

CVE-2017-0510

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVSS 9.3 • AI score 9.4 • EPSS 0.00281
Exploits 3 • References 3

android • added 2016/09/01 12:00 a.m. • 51 views

CVE-2016-5340

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem...

CVSS 7.2 • AI score 5.6 • EPSS 0.00033
Exploits 0 • References 3

android • added 2016/08/01 12:00 a.m. • 51 views

CVE-2016-2504

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974...

CVSS 6.9 • AI score 9 • EPSS 0.00014
Exploits 0 • References 2

android • added 2015/06/06 12:00 a.m. • 51 views

pipe inatomic

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a...

CVSS 7.2 • AI score 3.4 • EPSS 0.09009
Exploits 3 • References 7 • Affected Software 1

android • added 2016/09/01 12:00 a.m. • 50 views

CVE-2016-4470

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command...

CVSS 4.9 • AI score 4.6 • EPSS 0.00055
Exploits 0 • References 3

android • added 2019/07/01 12:00 a.m. • 49 views

CVE-2019-2107

In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

CVSS 9.3 • AI score 7 • EPSS 0.43885
Exploits 6 • References 4 • Affected Software 1

android • added 2017/09/01 12:00 a.m. • 49 views

CVE-2017-11120

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204...

CVSS 10 • AI score 3.2 • EPSS 0.24373
Exploits 3 • References 2

android • added 2017/05/01 12:00 a.m. • 49 views

CVE-2016-10275

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVSS 9.3 • AI score 9.3 • EPSS 0.00049
Exploits 0 • References 3

android • added 2016/11/01 12:00 a.m. • 49 views

CVE-2016-7910

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed...

CVSS 9.3 • AI score 5.9 • EPSS 0.00259
Exploits 1 • References 3

android • added 2016/10/01 12:00 a.m. • 49 views

CVE-2016-0758

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data...

CVSS 7.2 • AI score 7.3 • EPSS 0.0015
Exploits 0 • References 3

android • added 2016/05/01 12:00 a.m. • 49 views

CVE-2015-0569

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileg...

CVSS 9.3 • AI score 8.9 • EPSS 0.00446
Exploits 4 • References 2

android • added 2019/07/09 12:00 a.m. • 48 views

prctl_set_vma_anon_name

An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel...

CVSS 9.3 • AI score 5.1 • EPSS 0.00105
Exploits 0 • References 3 • Affected Software 1

android • added 2011/01/06 12:00 a.m. • 48 views

KillingInTheNameOf psneuter ashmem

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges...

CVSS 7.2 • AI score 5.3 • EPSS 0.00032
Exploits 1 • References 4 • Affected Software 1

android • added 2019/07/01 12:00 a.m. • 47 views

CVE-2019-2330

...

CVSS 4.9 • AI score 0.8 • EPSS 0.00042
Exploits 0 • References 3

Total number of security vulnerabilities: 612