8153 matches found
CVE-2017-18679
CVE-2017-18679 affects Samsung mobile devices running Android M (6.0). The issue arises from SLocation triggering a system crash when calling an API that is not implemented. The vulnerability impact is a denial of service via a crash, with an Availability impact of HIGH per CVSS 3.1 metrics, and ...
CVE-2017-10996
CVE-2017-10996 affects Qualcomm devices running CAF Android builds that use the Linux kernel. The vulnerability is an out-of-bounds access in c_show() caused by compat_hwcap_str[] not being NULL-terminated. The issue could cause device crashes/reboots (memory violation/out-of-bounds access). The ...
CVE-2017-11016
CVE-2017-11016 affects Android on MSM/CAF/Linux kernel variants, specifically when memory allocation fails during create_cal_block in calibration handling, leaving stale pointers. Connected Android bulletin detail positions CVE-2017-11016 under Qualcomm components for Pixel/Nexus devices and clas...
CVE-2017-11023
Technical details (affected products, versions, root cause, and fixes) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2017-11044
The CVE-2017-11044 entry involves Android for MSM, Firefox OS for MSM, and QRD Android on CAF Linux kernel builds, where a race condition in a KGSL driver function can cause a Use-After-Free condition. The vulnerability is tied to a race in a KGSL driver path, leading to potential memory misuse. ...
CVE-2017-11050
CVE-2017-11050 concerns Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The description indicates that when the pktlogconf tool provides a pktlog buffer smaller than the minimal possible source data size in the host driver, a potential buffer overflow can occu...
CVE-2017-11063
CVE-2017-11063 describes a race condition between two userspace processes that interact with a driver in Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF/Linux kernel. The race condition can lead to a null pointer dereference, i.e., a potential crash; exploitation details, af...
CVE-2017-11072
Summary: CVE-2017-11072 corresponds to an elevation-of-privilege vulnerability in Android's Partition table updater, affecting Google Pixel/Nexus devices. Affected component: Partition table updater in Android on CAF/Kernel stack with GPT header processing. Root cause: Buffer overflow when calcul...
CVE-2017-13158
CVE-2017-13158 is an information-disclosure vulnerability in Android's activitymanagerservice affecting Android 5.1.1 through 8.0 (including 8.0). The issue is a information disclosure vulnerability in the System component that could expose data to an attacker. CVSSv3 base score 7.5 (NETWORK, LOW...
CVE-2017-13159
CVE-2017-13159 is an information-disclosure flaw in Android’s activitymanagerservice. The Android Security Bulletin (Dec 2017) lists it under the System component with bug ID A-32879772 and affected Android versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. Patch levels 2017-12-01 and 2017-1...
CVE-2017-13174
CVE-2017-13174 is documented in the Android kernel (EDL) as an Elevation of Privilege issue. Connected sources confirm it is part of the 2017-12-05 patch level kernel fixes, but no detailed affected versions or explicit remediation steps are provided beyond this bulletin reference.
CVE-2017-13193
CVE-2017-13193 affects Android via the Media/HEVC decoding path. The issue is an infinite loop in ihevcd_decode.c triggered by an sps with an unsupported resolution, causing the same SPS to be fed repeatedly. This can lead to a remote denial of service on a critical system process with no user in...
CVE-2017-13231
CVE-2017-13231 refers to an out-of-bounds write in libmediadrm on Android 8.0 and 8.1 caused by improper input validation, enabling local elevation of privilege without user interaction. In the connected Android security bulletin, this issue is listed under the Media framework with a High impact ...
CVE-2017-13263
CVE-2017-13263 affects the Android framework (Android 8.0 and 8.1). The incident is classified as an Elevation of Privilege (EoP) in the framework; no specific root-cause technical details are provided in the documents. The accessible sources identify it under the Framework category with a Modera...
CVE-2017-13290
CVE-2017-13290 affects Android: the issue is an out-of-bounds read in sdp_server_handle_client_req within sdp_server.cc, caused by a missing bounds check. This leads to local information disclosure with no privileges required and no user interaction. Versions impacted include Android 6.0–8.1. The...
CVE-2017-14882
CVE-2017-14882 affects Android for MSM, Firefox OS for MSM, QRD Android, and CAF Linux-kernel builds. The issue stems from processing a VENDOR specific action frame in lim_process_action_vendor_specific(), where the incoming action frame body is length-validated, allowing potential out-of-bounds ...
CVE-2017-14893
CVE-2017-14893 involves a potential buffer over-read during flashing a meta image in Android CAF builds (Android for MSM, Firefox OS for MSM, QRD Android) via the Linux kernel, before the 2018-06-05 patch level. Root cause: image size smaller than the image header or header plus header entries tr...
CVE-2017-15815
CVE-2017-15815 describes a potential buffer overflow in the WLAN processing path of Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel, specifically when handling 802.11 MGMT frames (e.g., Auth) inside limProcessAuthFrame. The issue is triggered during processing o...
CVE-2017-15823
The CVE-2017-15823 entry affects Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, where spectral_create_samp_msg() may mishandle firmware values, potentially causing a buffer overflow. The description notes improper validation of firmware values as the root cause. No exploi...
CVE-2017-15826
The CVE-2017-15826 entry describes a race condition in the MDSS rotator used in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-10-20, potentially enabling a double-free when two threads free the same perf structures. The NVD entry confirms a LOCAL attack with medium complexity...
CVE-2017-15837
CVE-2017-15837 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds in CAF-derived Linux kernels prior to 2018-04-05. The issue is a missing NL80211_PKTPAT_OFFSET policy, which can cause a buffer over-read in nla_get_u32(). Impact is a partial confidentiality risk with no ...
CVE-2017-15852
CVE-2017-15852 is an information-disclosure vulnerability affecting Qualcomm MSM camera components, specifically an ISPIF/base address exposure in the camera driver (Framebuffer path referenced in Pixel/Qualcomm mappings). The NVD entry describes an information leak of the ISPIF base address that...
CVE-2017-15860
CVE-2017-15860 affects Qualcomm WLAN in Android CAF builds using the Linux kernel. In these releases, processing an encrypted authentication management frame can trigger a stack buffer overflow in the Qualcomm component, with the Android bulletin listing this as a Remote Code Execution (RCE) vuln...
CVE-2017-18059
CVE-2017-18059 affects Qualcomm WLAN/WMA on Android platforms (Android for MSM, Firefox OS for MSM, QRD Android) with CAF Linux kernel. The root cause is improper input validation of the vdev id in wma_scan_event_callback() (received from firmware), which can lead to an out-of-bounds memory read....
CVE-2017-18065
CVE-2017-18065 corresponds to a Qualcomm Wma component Elevation of Privilege vulnerability in Android for MSM/CAFLinux-based builds. The issue arises from improper input validation of vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is sourced from firmware, allowing arbitr...
CVE-2017-18067
CVE-2017-18067 affects the Qualcomm Wireless network driver in Android Qualcomm components (CAF/Linux-based Android releases). The root cause is improper input validation when processing an encrypted authentication management frame (lim_send_auth_mgmt_frame()), leading to a buffer overflow. The d...
CVE-2017-18159
CVE-2017-18159 affects CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The issue is an out-of-bounds access when processing a StrHwPlatform whose length is smaller than EFICHIPINFO_MAX_ID_LENGTH, leading to a local, high-severity impact (CVSS 2.0/3.0:...
CVE-2017-18645
CVE-2017-18645 affects Samsung mobile devices with M(6.x) and N(7.x) Qualcomm chipsets. The issue is a panel_lpm sysfs stack-based buffer overflow in the software, with CVSSv3.1/2.0 vectors indicating a network attack vector, low complexity, no authentication, and high confidentiality, integrity,...
CVE-2017-18646
This CVE reports a bypass of the password requirement for tablet user switching on Samsung mobile devices running M(6.x) and N(7.x) software. The underlying issue allows an attacker to bypass protection by folding the magnetic cover, as described in multiple sources (Samsung ID SVE-2017-10602). C...
CVE-2017-18663
CVE-2017-18663 affects Samsung mobile devices running N(7.x). Root cause: missing Intent exception handling causes a NullPointerException in system_server, potentially crashing a system process. Samsung identifiers: SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, SVE-2017-9126 (July 2017). Connected...
CVE-2017-18678
CVE-2017-18678 affects Samsung mobile devices running KK(4.4) to N(7.x). The issue allows an attacker to crash system processes via a Serializable object due to missing exception handling. Reported Samsung internal identifiers are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SV...
CVE-2017-18683
Technical details of CVE-2017-18683 are not publicly available in the provided documents. The entries reference Samsung devices and SVoice behavior but do not specify affected components, root cause, impact, or remediation. Monitor for updates.
CVE-2017-18684
CVE-2017-18684 affects Samsung mobile devices running Lollipop 5.0/5.1 and Marshmallow 6.0 (SVoice). The issue allows a provider seizure via an application that uses a custom provider, as described in the Red Hat and NVD entries. The exact root cause details are not fully disclosed in the provide...
CVE-2017-3750
On Lenovo VIBE phones, the Lenovo Security Android app allows private data to be backed up and restored via Android Debug Bridge, enabling tampering that leads to privilege escalation when exploited with CVE-2017-3748 and CVE-2017-3749. The root cause is described as improper access controls on t...
CVE-2017-6275
CVE-2017-6275 affects NVIDIA Tegra kernel CORE DVFS Thermal driver. The vulnerability arises from missing bounds checking in the thermal driver, enabling reading/writing of memory beyond buffer boundaries, potentially causing denial of service or privilege escalation. Public details in connected ...
CVE-2017-6279
CVE-2017-6279 affects NVIDIA Tegra OpenMax component OMX.Nvidia.aac.decoder in the Android media framework. The vendor bulletin notes the component is not actively used or maintained, and that disabling dead code to avoid malicious software can allow instantiation of this component, potentially l...
CVE-2017-6285
CVE-2017-6285 affects NVIDIA libnvrm within Android on Pixel/Nexus devices, caused by a missing bounds check that enables a local information-disclosure through an out-of-bounds read. The vulnerability is listed under NVIDIA components in the Pixel/Nexus 2018-03-01 bulletin; mitigation requires p...
CVE-2017-6286
The CVE-2017-6286 issue affects NVIDIA libnvomx in Android and involves a possible out-of-bounds write due to a missing bounds check, enabling local escalation of privilege. Affected component: NVIDIA libnvomx (Android). Impact: local privilege escalation with potential arbitrary code execution w...
CVE-2017-6294
CVE-2017-6294 is an NVIDIA TLK TrustZone OS issue in the logging driver for Tegra X1 TZ (TLK TrustZone OS). The vulnerability could allow arbitrary code execution, DoS, or privilege escalation with local access. Affected: SHIELD TV on Android; vulnerable component is the TLK TrustZone OS logging ...
CVE-2017-8239
CVE-2017-8239 is an information-disclosure issue in the Camera driver on Android devices (Qualcomm components) listed under the 2017 Pixel/Nexus bulletin. The vulnerability is categorized as ID with moderate severity in the camera driver, with no exploitation details provided in the available doc...
CVE-2017-9683
CVE-2017-9683 describes an integer overflow in Android for MSM/CAF Linux kernel when flashing a meta image if user-supplied image offset/size are too large. Affected: Android for MSM, Firefox OS for MSM, QRD Android with CAF Linux kernel (all CAF-based Android releases). Root cause: integer overf...
CVE-2017-9692
CVE-2017-9692 is tracked in multiple sources with a concrete reference to the Graphics driver in Google device updates, listing DoS (local) as the vulnerability type. The issue is described as a NULL pointer dereference that can occur when an atomic commit is issued on a writeback panel with a NU...
CVE-2017-9700
CVE-2017-9700 affects Android-on-MSM variants (CAFs/Linux kernel-based Android builds) where a 64-character image name can trigger a buffer overwrite in fw_name_store. The vulnerability is rooted in image-name handling within the fw_name_store path, impacting Android for MSM, Firefox OS for MSM, ...
CVE-2018-11299
CVE-2018-11299 affects CAF WLAN host driver in Android/Linux kernel: when WLAN firmware does not fill the vdev id correctly in stats events, the driver may access an interface array without proper bounds checking, causing invalid memory access and potentially kernel panic or page fault. Connected...
CVE-2018-11843
CVE-2018-11843 affects Qualcomm WLAN host components; the issue is use-after-free caused by missing return-value checks in the WMA vdev start/response path. Documented as High severity with local attack vector in Qualcomm/Android bulletins; patches are available in the 2020-01 Android security bu...
CVE-2018-21076
CVE-2018-21076 concerns Samsung mobile devices with N(7.x) Exynos8890/8895 SoCs, where a modified trustlet in the Secure Driver can disclose a KASLR offset. The core issue is information disclosure rather than code execution, with a local access vector implied by the need to interact with the Sec...
CVE-2018-21077
CVE-2018-21077 affects Samsung mobile devices running Android M(6.0), N(7.x), and O(8.x). The issue is a clipboard content disclosure in the locked state when the keyboard may be used during an emergency call. Samsung internal ID: SVE-2017-11107 (April 2018). Public details: CVSSv3.1 base score 2...
CVE-2018-3562
CVE-2018-3562: A buffer over-read can occur while processing a FILS authentication frame in Android CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. Documented in NVD as a DoS vulnerability within WLAN, with local attack vector and availability impact. Affected: Andr...
CVE-2018-3567
CVE-2018-3567 is a WLAN buffer overflow affecting Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds leveraging CAF on Linux kernels before 2018-04-05. The vulnerability arises in WLAN when processing HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages (root cause:...
CVE-2018-5832
CVE-2018-5832 infers a race condition in a camera driver ioctl handler on CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The root cause is a Use-After-Free condition triggered by a race in the driver path prior to the security patch level 2018-06-05....