CVE-2019-1986

In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in systemserver with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...

CVE-2018-11847

Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon...

CVE-2017-13151

A remote code execution vulnerability in the Android media framework libmpeg2. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456...

CVE-2017-0757

A remote code execution vulnerability in the Android media framework libavc. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815...

CVE-2016-10340

In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler...

CVE-2016-10297

In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist...

CVE-2015-7555

Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service program crash via crafted image and logical screen width fields in a GIF file...

CVE-2016-10238

In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue...

CVE-2016-6728

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise,...

CVE-2015-0570

Stack-based buffer overflow in the SETWPSIE IOCTL implementation in wlanhddhostapd.c in the WLAN aka Wi-Fi driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafte...

CVE-2015-3875

libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted audio file, aka internal bug 22952485...

Use-After-Free camera driver exploit

A use-after-free vulnerability in the camera driver of Qualcomm MSM 7x30 SoCs...

libmsm memory corruption

A memory read exploit that uses a vulnerability in the camera driver...

pty race

The nttywrite function in drivers/tty/ntty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service memory corruption and system crash or gain privileges by triggering a race condition...

Qualcomm Integer overflow camera

Integer overflow and signedness issue in camera JPEG engines CVE-2013-4736 QCIR-2013-00005-1: The JPEG engines that are part of the camera driver provide an ioctl system call interface to user space clients for communication. When processing hardware commands ioctl calls, the drivers are...

No SELinux in Android 4.3 and below

Android 4.3 and below do not use Security-Enhanced Linux SELinux for mandatory access control, which means that a process with root access can gain access to the kernel...

CVE-2018-13898

Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655,...

CVE-2019-2256

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2018-11945

Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

CVE-2018-9583

In btaagparsecmer of btaagcmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges...

CVE-2018-9504

In sdpcopyrawdata of sdpdiscovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

CVE-2018-9475

...

CVE-2018-11950

Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850...

CVE-2017-18171

Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD...

CVE-2018-11257

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850...

CVE-2018-5874

While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear...

CVE-2017-13256

In processservicesearchattrreq of sdpserver.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1,...

CVE-2017-11121

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205...

CVE-2016-10333

In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS...

CVE-2016-10336

In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot...

CVE-2014-9924

In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur...

CVE-2016-10240

...

CVE-2014-9931

A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value...

CVE-2016-8431

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2015-3288

mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service page tainting via a crafted application that triggers writing to page zero...

CVE-2016-6917

Buffer overflow in nvhostjob.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5...

CVE-2016-6699

A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code...

CVE-2016-3742

decoder/ih264dprocessintramb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28165659...

CVE-2015-3871

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 23031033...

CVE-2015-6600

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 22882938...

exploid udev

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space...

CVE-2019-2255

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2019-1989

In ih264dfmtconv420spto420p of ih264dformatconv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

CVE-2018-6271

NVIDIA Tegra OpenMax driver libnvomx contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474...

CVE-2019-1992

In btahlsdpqueryresults of btahlmain.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

CVE-2018-9549

In lppTransposer of lpptran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

CVE-2017-18141

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206,...

CVE-2018-9450

In avrcprocvendorcommand of avrcapi.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0...

CVE-2017-18296

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD...

CVE-2017-18155

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault...