Android Security Vulnerabilities


CVE-2017-6425

An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.

3.3 CVSS

4.7 AI Score

0.001 EPSS

2018-04-04 06:29 PM
27

CVE-2017-6426

An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.

3.3 CVSS

4.7 AI Score

0.001 EPSS

2018-04-04 06:29 PM
26

CVE-2017-7364

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address wi...

9.8 CVSS

8.4 AI Score

0.001 EPSS

2017-08-18 07:29 PM
32

CVE-2017-7365

In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.

7.8 CVSS

7.6 AI Score

0.001 EPSS

2017-06-13 08:29 PM
28

CVE-2017-7366

In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.

5.5 CVSS

5.9 AI Score

0.001 EPSS

2017-06-13 08:29 PM
31
2

CVE-2017-7367

In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.

7.8 CVSS

7.5 AI Score

0.001 EPSS

2017-06-13 08:29 PM
29
2

CVE-2017-7368

In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.

7 CVSS

6.8 AI Score

0.001 EPSS

2017-06-13 08:29 PM
33

CVE-2017-7369

In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validated, potentially leading to kernel stack corruption.

7.8 CVSS

7.2 AI Score

0.001 EPSS

2017-06-13 08:29 PM
35
2

CVE-2017-7370

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

7 CVSS

6.8 AI Score

0.001 EPSS

2017-06-13 08:29 PM
36
2

CVE-2017-7371

In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.

7.8 CVSS

7.4 AI Score

0.001 EPSS

2017-06-13 08:29 PM
33
2

CVE-2017-7372

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.

7 CVSS

7.2 AI Score

0.001 EPSS

2017-06-13 08:29 PM
35
1

CVE-2017-7373

In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.

7.8 CVSS

7.5 AI Score

0.001 EPSS

2017-06-13 08:29 PM
31
2

CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not u...

9.8 CVSS

6.9 AI Score

0.005 EPSS

2018-02-19 07:29 PM
114

CVE-2017-7376

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

9.8 CVSS

8.1 AI Score

0.341 EPSS

2018-02-19 07:29 PM
156

CVE-2017-7759

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. Thi...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2018-06-11 09:29 PM
68

CVE-2017-8233

In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.

7.8 CVSS

7.4 AI Score

0.001 EPSS

2017-06-13 08:29 PM
25
2

CVE-2017-8234

In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.

7.8 CVSS

7.5 AI Score

0.001 EPSS

2017-06-13 08:29 PM
36
2

CVE-2017-8235

In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.

5.5 CVSS

5.8 AI Score

0.001 EPSS

2017-06-13 08:29 PM
36

CVE-2017-8236

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.

7.8 CVSS

7.7 AI Score

0.001 EPSS

2017-06-13 08:29 PM
36
2

CVE-2017-8237

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.

7.8 CVSS

7.8 AI Score

0.001 EPSS

2017-06-13 08:29 PM
29
2

CVE-2017-8238

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function.

7.8 CVSS

7.4 AI Score

0.001 EPSS

2017-06-13 08:29 PM
24

CVE-2017-8239

In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.

5.5 CVSS

6 AI Score

0.001 EPSS

2017-06-13 08:29 PM
31

CVE-2017-8240

In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.

7.8 CVSS

7.3 AI Score

0.001 EPSS

2017-06-13 08:29 PM
40
2

CVE-2017-8241

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.

7.8 CVSS

7.7 AI Score

0.001 EPSS

2017-06-13 08:29 PM
34

CVE-2017-8242

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.

5.9 CVSS

5.7 AI Score

0.001 EPSS

2017-06-13 08:29 PM
37

CVE-2017-8243

A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.

7.8 CVSS

7.6 AI Score

0.001 EPSS

2017-08-16 03:29 PM
29

CVE-2017-8244

In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on ...

7 CVSS

6.6 AI Score

0.001 EPSS

2017-05-12 08:29 PM
56

CVE-2017-8245

In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs.

7.8 CVSS

7.4 AI Score

0.0004 EPSS

2017-05-12 08:29 PM
35

CVE-2017-8246

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the sam...

7.8 CVSS

7.2 AI Score

0.0004 EPSS

2017-05-12 08:29 PM
40

CVE-2017-8247

In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function "msm_...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2017-09-21 03:29 PM
31

CVE-2017-8250

In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negati...

7.8 CVSS

8 AI Score

0.001 EPSS

2017-09-21 03:29 PM
28
2

CVE-2017-8251

In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.

7.8 CVSS

8 AI Score

0.001 EPSS

2017-09-21 03:29 PM
36
2

CVE-2017-8253

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.

7.8 CVSS

7.2 AI Score

0.001 EPSS

2017-08-18 06:29 PM
24

CVE-2017-8254

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.

5.5 CVSS

5.7 AI Score

0.001 EPSS

2017-08-18 06:29 PM
29

CVE-2017-8255

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.

7.8 CVSS

7.4 AI Score

0.001 EPSS

2017-08-18 06:29 PM
43

CVE-2017-8256

In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.

7.8 CVSS

7.3 AI Score

0.001 EPSS

2017-08-18 06:29 PM
27

CVE-2017-8257

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.

7.8 CVSS

7.4 AI Score

0.001 EPSS

2017-08-18 06:29 PM
29
2

CVE-2017-8258

An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.

5.5 CVSS

5.6 AI Score

0.001 EPSS

2017-08-11 03:29 PM
29

CVE-2017-8259

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.

7.8 CVSS

7.5 AI Score

0.001 EPSS

2017-08-11 03:29 PM
50

CVE-2017-8260

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.

7.8 CVSS

7.3 AI Score

0.001 EPSS

2017-08-18 06:29 PM
38
2

CVE-2017-8261

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.

7.8 CVSS

6.4 AI Score

0.001 EPSS

2017-08-18 06:29 PM
35
2

CVE-2017-8262

In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.

7 CVSS

6.7 AI Score

0.001 EPSS

2017-08-18 06:29 PM
39
2

CVE-2017-8263

In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.

7.8 CVSS

7.1 AI Score

0.001 EPSS

2017-08-18 06:29 PM
29

CVE-2017-8264

A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.

7.8 CVSS

7.2 AI Score

0.001 EPSS

2017-08-11 03:29 PM
29

CVE-2017-8265

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.

7 CVSS

6.6 AI Score

0.001 EPSS

2017-08-18 06:29 PM
29
2

CVE-2017-8266

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

7 CVSS

6.7 AI Score

0.001 EPSS

2017-08-18 06:29 PM
38

CVE-2017-8267

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.

7 CVSS

6.8 AI Score

0.001 EPSS

2017-08-18 06:29 PM
32

CVE-2017-8268

In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.

7.8 CVSS

7.4 AI Score

0.001 EPSS

2017-08-18 06:29 PM
29

CVE-2017-8269

A userspace-controlled, non-null-terminated parameter for the IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.

5.5 CVSS

5.9 AI Score

0.001 EPSS

2017-08-11 03:29 PM
34

CVE-2017-8270

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.

7 CVSS

6.7 AI Score

0.001 EPSS

2017-08-18 06:29 PM
38
Total number of security vulnerabilities: 7126