8153 matches found
CVE-2016-11053
CVE-2016-11053 concerns a Factory Reset Protection (FRP) bypass on Samsung mobile devices with software up to 2015-11-11 (FRP/RL support). The entry notes the Samsung ID SVE-2015-5131 (January 2016). The description indicates an FRP bypass vulnerability, but does not provide technical details on ...
CVE-2016-2424
CVE-2016-2424 affects Android’s SyncStorageEngine (server/content/SyncStorageEngine.java) in Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-04-01. The vulnerability stems from mismanagement of certain authority data in SyncStorageEngine, enabling a local atta...
CVE-2016-2457
CVE-2016-2457 affects Android Wi‑Fi, specifically server/pm/UserManagerService.java, and is described as a bypass against restrictions on Wi‑Fi configuration changes via guest access in Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-05-01). The connected documents confir...
CVE-2016-2469
CVE-2016-2469 is an elevation of privilege vulnerability in the Qualcomm sound driver affecting Android on Nexus devices (pre-2016-06-01). The issue originates in the Qualcomm sound driver used by Android and could allow a local attacker, via a crafted application, to gain kernel-level privileges...
CVE-2016-2477
CVE-2016-2477 is an Android Mediaserver privilege-escalation vulnerability caused by mishandled pointers in mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp. A local attacker could exploit a crafted file or payload to gain Signature or SignatureOrSystem privileges. Affected Android versions inclu...
CVE-2016-2503
CVE-2016-2503 affects the Qualcomm KGSL GPU driver in Android devices (notably Nexus 5X/6P). The issue arises from a race condition and use-after-free in the GPU driver’s synchronization paths (kgsl_sync) and in kgsl_mem_entry handling, enabling a local attacker to escalate privileges via a craft...
CVE-2016-3820
The CVE-2016-3820 issue affects the ih264d decoder in Mediaserver (Android 6.x). The root cause is the decoder mishandling slice numbers, enabling a remote attacker to craft a media file that could trigger arbitrary code execution or memory corruption within Mediaserver. Public details confirm im...
CVE-2016-3828
CVE-2016-3828 affects Android Mediaserver (decoder/ih264d_api.c) in Android 6.x prior to the 2016-08-01 patch, where invalid PPS/SPS NAL units are mishandled, enabling a crafted media file to cause a denial of service (device hang or reboot). The issue is categorized as a Mediaserver DoS vulnerab...
CVE-2016-3860
CVE-2016-3860 affects the Qualcomm sound driver in Android, specifically the file sound/soc/msm/qdsp6v2/audio_calibration.c. The vulnerability allows a crafted application to disclose sensitive information due to an information-disclosure flaw in the Qualcomm sound device on Nexus 5X, Nexus 6P, a...
CVE-2016-3880
CVE-2016-3880 affects Android Mediaserver, specifically buffer overflows in rtsp/ASessionDescription.cpp within libstagefright. Root cause: memory corruption from multiple overflows when processing crafted media files. Impact: remote denial of service causing device hang or reboot. Affected versi...
CVE-2016-3881
CVE-2016-3881 affects libvpx in mediaserver (Android) where the decoder_peek_si_internal function in vp9/vp9_dx_iface.c can trigger a denial of service via a crafted media file. Affected products/versions include Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09...
CVE-2016-3914
CVE-2016-3914 describes a race condition in Telephony’s MmsProvider.java that could let a local attacker escalate privileges by crafting an app to manipulate the Telephony database between two open operations. Affected platforms include Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1....
CVE-2016-3940
CVE-2016-3940 affects the Android Synaptics touchscreen driver on Nexus 6P and Android One devices, prior to the 2016-10-05 patch level. The issue allows a local attacker to escalate privileges through a crafted application, due to a vulnerability in the Synaptics touchscreen driver (internal bug...
CVE-2016-5347
CVE-2016-5347 describes an information-disclosure vulnerability in Qualcomm components, specifically in the CAF Android/Linux kernel audio driver. The issue allows leakage of kernel stack data to userspace via the audio driver, affecting Qualcomm-based Android devices using CAF-released kernels. ...
CVE-2016-5853
CVE-2016-5853 affects the Qualcomm Sound/Audio driver in Android CAF builds using the Linux kernel. The root cause is a sanity check: if a length value is out of the valid range, the code prints an error but continues as if the value were correct, potentially enabling unintended behavior. The CVE...
CVE-2016-6677
CVE-2016-6677 is an information-disclosure flaw in the NVIDIA GPU driver on Nexus 9 devices running Android prior to 2016-10-05. A crafted application can cause the driver to leak sensitive data. The connected NVIDIA/Android entries corroborate this as an information-disclosure issue tied to the ...
CVE-2016-6708
CVE-2016-6708 affects Android 7.0 System UI. It enables a local attacker to bypass the work-profile security prompt in Multi-Window mode, i.e., a local elevation of privilege without requiring user interaction. The issue is described as a local bypass of user interaction requirements and is categ...
CVE-2016-6723
CVE-2016-6723 is a denial-of-service vulnerability in Android’s Proxy Auto Config (PAC) handling. A specially crafted PAC file could cause a device to hang or reboot. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-11-01; 7.0 before 2016-11-01. Root cau...
CVE-2016-6730
CVE-2016-6730 describes an elevation-of-privilege vulnerability in the NVIDIA GPU driver for Android, where a local malicious app could execute arbitrary code in the kernel. The issue is rated Critical due to potential permanent device compromise. Affected software is the NVIDIA GPU driver on And...
CVE-2016-6742
CVE-2016-6742 describes an elevation of privilege in the Synaptics touchscreen driver on Android prior to 2016-11-05, enabling a local malicious app to execute arbitrary code in the kernel if it can compromise a privileged process. Affected: Android devices with affected Synaptics driver. Root ca...
CVE-2017-0389
CVE-2017-0389 is a denial-of-service vulnerability in Android’s core networking that could be triggered by a specially crafted network packet, leading to a device hang or reboot. Affected versions per the records are Android 6.0, 6.0.1, 7.0, and 7.1 (Android ID A-31850211). Public references in t...
CVE-2017-0425
Technical details about CVE-2017-0425 are not publicly provided in the connected documents. The materials confirm a moderate information-disclosure issue in Android Audioserver but lack specifics on affected builds, exploit vectors, or fixes.
CVE-2017-0487
CVE-2017-0487 describes a denial-of-service vulnerability in Android’s Mediaserver. A specially crafted media file could cause a device hang or reboot, impacting Android 6.0/6.0.1/7.0/7.1.1. The vulnerability is exposed via Mediaserver’s media processing path and is classified with higher risk du...
CVE-2017-0522
CVE-2017-0522 describes an elevation of privilege in a MediaTek APK on Android that could allow a local malicious app to execute code in a privileged process. The issue is characterized as High impact with local execution of arbitrary code within a privileged context. The affected component is th...
CVE-2017-0636
CVE-2017-0636 is an elevation of privilege in the MediaTek command queue driver on Android, enabling a local attacker to execute arbitrary code in the kernel context. Affected component: MediaTek command queue driver (MediaTek components in the 2017-06 Android bulletin). Root cause: vulnerability...
CVE-2017-0702
CVE-2017-0702 is a remote code execution vulnerability in Android System UI (Android 7.1.1/7.1.2). Connected CNVD-2017-21551 and NVD records describe a System UI RCE affecting these versions. Public exploit details are not provided in the documents. Android bulletin guidance indicates applying th...
CVE-2017-0808
CVE-2017-0808 is an information-disclosure vulnerability in the Android framework file system affecting Android 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-62301183). The issue is documented across multiple sources; the core detail is unauthorized access to sensitive information via the framework fil...
CVE-2017-0850
The CVE-2017-0850 entry affects Android’s media framework (libstagefright) and is an information-disclosure vulnerability in Android 7.0, 7.1.1, and 7.1.2. The issue is documented in the Pixel/Nexus security bulletin under the Media framework section with Android IDs and notes that a patch level ...
CVE-2017-0869
CAVEAT: CVE-2017-0869 is tied to the NVIDIA driver. The vulnerability is described as an integer overflow in the driver that can lead to a use-after-free and a potential elevation of privilege enabling code execution as a privileged process. Affected component: NVIDIA driver (Android context). Im...
CVE-2017-11010
CVE-2017-11010 affects Qualcomm closed-source components in Android (devices using Snapdragon IoT and listed SD/mobiles). Description from the CVE: leaving a configuration space unprotected due to faulty access control. Impact as per CVSS: Critical/HIGH on confidentiality, integrity, and availabi...
CVE-2017-11012
The CVE-2017-11012 issue is described across multiple sources as a stack-based buffer overflow in Qualcomm WLAN components used by Android on MSM platforms, triggered by processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command. Connected CNVD entry attribut...
CVE-2017-11024
CVE-2017-11024 describes a race condition in the rmnet USB control driver within Android/CAF Linux-kernel based builds on MSM platforms, which can lead to a Use-After-Free condition. Affected: Android MSM, Firefox OS for MSM, and QRD Android releases using CAF Linux kernel. Impact is described as...
CVE-2017-11026
CVE-2017-11026 affects Android on Qualcomm MSM devices with CAF Linux kernel during FRP partition flashing. Descriptions in NVD/CNVD indicate an authentication flaw where the authentication method can be compromised for static keys when flashing the FRP partition using a reference FRP unlock. Thi...
CVE-2017-11051
CVE-2017-11051 affects Android for MSM and related CAF/Linux kernel builds. The root cause is that hb_params in __wlan_hdd_cfg80211_testmode is not zero-initialized, enabling an information-disclosure vulnerability. Impact is described as information disclosure with network attack vector; exploit...
CVE-2017-11079
Technical details for CVE-2017-11079 are not publicly available in the provided documents. Monitor for updates from authoritative sources.
CVE-2017-11090
CVE-2017-11090 involves a buffer overread in the WLAN PMKID handling path (__wlan_hdd_cfg80211_set_pmksa) when a PMKID shorter than WLAN_PMKID_LEN is provided. Affected platforms include Android for MSM, Firefox OS for MSM, QRD Android, and CAF-based Android builds using the Linux kernel. The roo...
CVE-2017-11091
CVE-2017-11091 concerns a Use-After-Free condition in the Android MSM/CAF Linux kernel driver path /dev/mdss_rotator, triggered in the function mdss_rotator_ioctl. The issue is described as a Use-After-Free potentially occurring due to a fence being installed too early, affecting Android builds a...
CVE-2017-13154
CVE-2017-13154 is an elevation-of-privilege vulnerability in Android’s media framework (libstagefright) affecting Android versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The issue is documented across multiple sources (NVD, CVE lists, Android Pixel/Nexus bulletin) and is categorized as Eo...
CVE-2017-13174
CVE-2017-13174 is documented in the Android kernel (EDL) as an Elevation of Privilege issue. Connected sources confirm it is part of the 2017-12-05 patch level kernel fixes, but no detailed affected versions or explicit remediation steps are provided beyond this bulletin reference.
CVE-2017-13183
The CVE-2017-13183 issue is a race condition in the Media framework of Android 8.1 affecting OMXNodeInstance::useBuffer and IOMX::freeBuffer, causing a use-after-free that can lead to local elevation of privilege and code execution in a privileged process. Exploitation is described as requiring u...
CVE-2017-13217
CVE-2017-13217 affects the LG Bootloader’s DisplayFtmItem in Android. It is an out-of-bounds write caused by reading a string without verifying it is null-terminated, enabling a local elevation of privilege and a secure-boot bypass that could let code execute with high privileges. Exploitation is...
CVE-2017-13221
CVE-2017-13221 is an Elevation of Privilege (EoP) vulnerability affecting the Upstream kernel WiFi driver in Android devices (Android kernel). The connected documents consistently describe a local vulnerability that could allow a non-privileged attacker to escalate privileges via the kernel WiFi ...
CVE-2017-13268
The CVE-2017-13268 entry corresponds to an Information Disclosure in the Android system Bluetooth stack. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The issue is categorized as a System vulnerability with Moderate severity in the Pixel/Android bulletin. P...
CVE-2017-13278
CVE-2017-13278 affects Android’s MediaPlayerService::Client::notify in MediaPlayerService.cpp, with a use-after-free that can allow local elevation of privilege without extra execution privileges. Impacted Android versions: 6.0–8.1 (6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1). Description notes no u...
CVE-2017-14902
CVE-2017-14902 describes a race condition in the GLink kernel driver across Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The vulnerability is a Use-After-Free in the GLink driver that can potentially allow a local attacker to compromise the device (as indic...
CVE-2017-14908
CVE-2017-14908 concerns the SafeSwitch test application on Android for MSM/CAF Linux builds (including Qualcomm components) not properly validating the number of blocks. Connected sources confirm the issue affects Android stacks (CAF Linux kernel-based builds) and can involve Qualcomm closed-sour...
CVE-2017-15815
CVE-2017-15815 describes a potential buffer overflow in the WLAN processing path of Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel, specifically when handling 802.11 MGMT frames (e.g., Auth) inside limProcessAuthFrame. The issue is triggered during processing o...
CVE-2017-15849
CVE-2017-15849 affects Qualcomm Display in Android/CAF builds for MSM, where a LayerStack can be destroyed between Validate and Commit by the application, causing a Use-After-Free condition. The issue is described in multiple sources (NVD entry and related CVEs) as a high-severity (EoP) vulnerabi...
CVE-2017-15852
CVE-2017-15852 is an information-disclosure vulnerability affecting Qualcomm MSM camera components, specifically an ISPIF/base address exposure in the camera driver (Framebuffer path referenced in Pixel/Qualcomm mappings). The NVD entry describes an information leak of the ISPIF base address that...
CVE-2017-17764
CVE-2017-17764 describes an integer overflow in the firmware-driven buffer-size calculation inside Qualcomm WLAN’s wma_rx_aggr_failure_event_handler() for CAF Android/Linux-kernel builds. The flaw can allow a crafted failure-info value to cause a buffer overflow, enabling local elevation of privi...