8153 matches found
CVE-2017-13268
The CVE-2017-13268 entry corresponds to an Information Disclosure in the Android system Bluetooth stack. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The issue is categorized as a System vulnerability with Moderate severity in the Pixel/Android bulletin. P...
CVE-2017-15849
CVE-2017-15849 affects Qualcomm Display in Android/CAF builds for MSM, where a LayerStack can be destroyed between Validate and Commit by the application, causing a Use-After-Free condition. The issue is described in multiple sources (NVD entry and related CVEs) as a high-severity (EoP) vulnerabi...
CVE-2016-8448
CVE-2016-8448 describes an elevation-of-privilege vulnerability in MediaTek components (including the thermal and video drivers) on Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context, after compromising a privileged process. The NVD entry ...
CVE-2016-8471
CVE-2016-8471 describes an information-disclosure vulnerability in the MediaTek driver on Android. The issue could allow a local malicious application to access data outside its permission levels, with the impact classified as Moderate because exploitation requires compromising a privileged proce...
CVE-2016-8484
CVE-2016-8484 is an elevation-of-privilege vulnerability affecting Android kernel components within Qualcomm closed-source code. The available sources describe the issue as a privilege escalation in Qualcomm components used by Android, enabling code execution in the kernel context. No device- or ...
CVE-2017-0545
CVE-2017-0545 describes an elevation-of-privilege weakness in Android’s Audioserver that could let a local malicious app run arbitrary code within a privileged process. The linked sources list affected Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1, and categorize the issue as High imp...
CVE-2017-0578
CVE-2017-0578 is an elevation of privilege in the Android DTS sound driver that could allow a local malicious application to execute arbitrary code in the kernel. Affected component: Android with the DTS sound driver. Root cause: privilege escalation within the driver enabling code execution in k...
CVE-2017-0684
CVE-2017-0684 is the Android media framework elevation-of-privilege vulnerability. CNVD-2017-15960 describes it as a privilege-extraction flaw in Android’s media framework, enabling an attacker to trigger an out-of-bounds write. Affected products/versions include Android 6.0, 6.0.1, 7.0, 7.1.1, a...
CVE-2017-0696
CVE-2017-0696 is described as a denial-of-service vulnerability in the Android media framework affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-37207120). The connected documents confirm the affected component as the Android media framework, but do not provide a detailed root cau...
CVE-2017-0707
CVE-2017-0707 is reflected in connected documents as an Elevation of Privilege in the HTC LED driver within the Android kernel. Documents identify the affected component as the LED driver (HTC) and classify the issue as EoP (Moderate) with local impact; no detailed root-cause, exploit specifics, ...
CVE-2017-0723
CVE-2017-0723 is an Android media framework (libavc) remote code execution vulnerability affecting Android 6.0–7.1.2. Exploitation arises from libavc handling of crafted media content; CVSSv3: HIGH, with local attack vector and user interaction required. References describe Android’s August 2017 ...
CVE-2017-0753
CVE-2017-0753 is a remote code execution vulnerability reported in the Android libraries (libgdx), affecting Android versions 7.1.1, 7.1.2, and 8.0 (Android ID: A-62218744). The available connected documents indicate the issue is classified as RCE in the Libraries section of the Android Security ...
CVE-2017-0808
CVE-2017-0808 is an information-disclosure vulnerability in the Android framework file system affecting Android 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-62301183). The issue is documented across multiple sources; the core detail is unauthorized access to sensitive information via the framework fil...
CVE-2017-0825
CVE-2017-0825 is an information-disclosure vulnerability in the Broadcom WiFi driver used by Android (Android kernel). Connected sources identify the issue as a Broadcom WiFi driver information leakage vulnerability affecting Android devices, with the vulnerability classified as Moderate (WiFi dr...
CVE-2017-11010
CVE-2017-11010 affects Qualcomm closed-source components in Android (devices using Snapdragon IoT and listed SD/mobiles). Description from the CVE: leaving a configuration space unprotected due to faulty access control. Impact as per CVSS: Critical/HIGH on confidentiality, integrity, and availabi...
CVE-2017-11038
CVE-2017-11038 is a Qualcomm memory-subsystem Elevation of Privilege flaw affecting Android on MSM devices (and CAF-based kernels) where, during boot image header processing, range checks can be bypassed by supplying different header versions. This enables possible local privilege escalation. The...
CVE-2017-11040
CVE-2017-11040: Information disclosure in Qualcomm CAF Android releases using the Linux kernel. Reading from sysfs nodes may expose more information than allowed, enabling partial confidentiality loss (CVSS2: 4.3; CVSS3: 5.5). Affected: Qualcomm products with CAF Android builds on Linux kernel; i...
CVE-2017-11069
CVE-2017-11069 is a heap overflow in the SafeSwitch image handling, reported for Android for MSM platforms (CAF/Linux kernel) and associated Qualcomm bootloader contexts. The vulnerability arises from manipulation of SafeSwitch Image data, and is categorized in the Qualcomm bootloader area as an ...
CVE-2017-13169
CVE-2017-13169 is an information-disclosure vulnerability in the Android kernel camera server. Affected: Android kernel (kernel camera server). Root cause not explicitly detailed in provided documents. Impact: confidentiality leakage (per CVSS metrics: partial in v2, high in v3; no integrity/avai...
CVE-2017-13185
CVE-2017-13185 is an information-disclosure vulnerability in Android’s media framework libhevc. Affected products/versions per sources: Android 7.0, 7.1.1, 7.1.2, and 8.0. The root cause is information exposure via the libhevc decoder in the Media framework (details are consistent across NVD/CNVD...
CVE-2017-13212
CVE-2017-13212 is an Elevation of Privilege in Android’s systemui affecting Android 5.1.1–8.0. The vulnerable component is the Android System UI; root cause is not detailed in the provided documents. No exploitation details are provided. The Pixel/Nexus bulletin lists this CVE under the System ca...
CVE-2017-13229
CVE-2017-13229 is a remote code execution vulnerability in the Android media framework affecting Android 7.0–8.1 (Pixel/Nexus). The Pixel security bulletin lists it as RCE in the Media framework with a patch level of 2018-02-05 to address it; no exploit details are provided in the available docum...
CVE-2017-13232
CVE-2017-13232 affects Android audioserver and is caused by an out-of-bounds write in a log statement using %s with a non-NULL-terminated array, leading to local information disclosure without requiring user interaction or extra privileges. Affected Android versions per the CVE entry: 5.1.1, 6.0,...
CVE-2017-13233
CVE-2017-13233 affects the Android-era libhevc decoder: the function ihevcd_ctb_boundary_strength_pbslice can exhaust resources, causing a remote temporary denial of service. Exploitation requires user interaction and can impact affected Android versions (5.1.1–8.1). The issue is tied to libhevc’...
CVE-2017-13244
CVE-2017-13244 is an Elevation of Privilege (EoP) flaw in the Android kernel Easel driver. The upstream kernel Easel component is affected, enabling privilege escalation on Android devices. The issue is classified as EoP with Moderate severity in the Pixel/Nexus bulletin, and addressed by patch l...
CVE-2017-13274
CVE-2017-13274 affects Android Runtime: UriTest.getHost() may misdetermine the web origin, enabling incorrect security decisions. Affected: Android 6.0–8.1. Impact described as high/critical (CVSS 3.0: 9.8; base vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation requires no user i...
CVE-2017-13288
CVE-2017-13288 affects Android 8.0 and 8.1, with a vulnerability in writeToParcel/readFromParcel of the PeriodicAdvertisingReport.java file caused by a 64/32-bit int mismatch. This leads to a permission bypass and potential local elevation of privilege by starting an activity with system privileg...
CVE-2017-13296
CVE-2017-13296 is an information-disclosure vulnerability in the Android media framework (libavc). Affected Product/Component: Android media framework (libavc) across Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Root cause: information disclosure within libavc leads to partial confid...
CVE-2017-13298
CVE-2017-13298 is an information-disclosure vulnerability in Android’s media framework (libhavc) affecting Android 6.0–8.1. The issue is described as information disclosure; no specifics on root cause are provided in the initial text. Connected sources indicate the vulnerability affected Pixel/Ne...
CVE-2017-14876
The CVE-2017-14876 vulnerability affects Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-06-21. The root cause is a lack of bounds checking on params->entries[i].vfe_intf in msm_ispif_config_stereo(), which can lead to a kernel out-of-bounds write. Exploitation status is not...
CVE-2017-14918
CVE-2017-14918 is documented in multiple sources as a Use-After-Free vulnerability affecting Android on MSM platforms, specifically in the GPS location wireless interface. In the Qualcomm closed-source components section, it is listed with High severity for a closed-source component. The Connecte...
CVE-2017-15814
The connected CNVD-2018-06014 entry describes an information-disclosure vulnerability in Google's Android Qualcomm Camera_v2 driver, caused by insufficient input validation in the driver. The issue is tied to the Camera_v2 components on Android devices using Qualcomm hardware and enables local in...
CVE-2017-15835
CVE-2017-15835 affects Android variants (Android for MSM, Firefox OS for MSM, QRD Android) built on CAF with the Linux kernel. The issue lies in how the RIC Data Descriptor IE is processed in an artificially crafted 802.11 frame where the IE length exceeds 255, which may trigger an infinite loop ...
CVE-2017-15846
The CVE-2017-15846 entry affects the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-09-16. Root cause: an untrusted pointer dereference in video_ioctl2() could occur. Impact per sources is potentially high (partial to full confidentiality, integrity, and avail...
CVE-2017-18657
CVE-2017-18657 concerns Samsung mobile devices running M(6.0)/N(7.x) software. The issue is an arbitrary write in a trustlet (Samsung ID SVE-2017-8893). Connected documents (Red Hat, NVD/NVD mirror, CVE lists) corroborate the same root cause description, with no publicly detailed exploit or affec...
CVE-2017-18673
CVE-2017-18673 affects Samsung mobile devices running N(7.x) software. The issue allows an attacker to disable the Location service on a locked device, preventing the rightful owner from locating a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). Public documents do not provide details ...
CVE-2017-18674
CVE-2017-18674 affects Samsung mobile devices running Android N (7.0); the Timaservice time service is susceptible to a kernel panic. The issue is associated with Samsung ID SVE-2017-8593, May 2017. CVSS indicates network attack vector with low privileges required and high availability impact. Th...
CVE-2017-18675
CVE-2017-18675 affects Samsung mobile devices on M(6.0)/N(7.x) with Exynos7420/Exynos8890. The issue is in the Camera application, which can leak uninitialized memory via the ion subsystem. The Red Hat and NVD records reiterate the same description; no additional exploit details, affected version...
CVE-2017-18676
CVE-2017-18676 affects Samsung mobile devices running Android N (7.0) on Qualcomm chipsets and is described as an RKP kernel protection bypass caused by a lack of MSR trapping, enabling potential unwanted memory mappings. The issue is tied to Samsung ID SVE-2016-7901 (April 2017). Connected docum...
CVE-2017-6426
CVE-2017-6426 is a documented information-disclosure vulnerability in the Qualcomm SPMI driver (Android kernel). A local-attack requires user interaction and could let a malicious local app access data outside its permission levels. Affected are Pixel and Pixel XL devices per the CVE list. The so...
CVE-2017-7367
CVE-2017-7367 concerns an integer underflow in the boot image processing path on Android CAF builds using the Linux kernel. The available connected documents identify this as a DoS-type issue (bootloader component) with a high-severity impact profile. The exact affected products, versions, and fi...
CVE-2017-7373
CVE-2017-7373 affects Android CAF builds using the Linux kernel display/video driver, describing a double‑free flaw. The Android bulletin attributes EoP potential to this issue and notes patches in the 2017-06-05 security update; apply the corresponding updates to mitigate.
CVE-2017-8257
CVE-2017-8257 affects Qualcomm CAF Android devices using the Linux kernel, specifically the sde_rotator debug interface. The issue arises when multiple processes read registers and one process frees the debug buffer while another still uses it, creating a use-after-free-like condition. The NVD re...
CVE-2017-8268
CVE-2017-8268 affects Qualcomm components in Android CAF builds using the Linux kernel. The camera application can request frame/command buffer operations with invalid values, causing the camera driver to perform a heap buffer over-read. Documented impact is high (CVSSv3: 7.8; CVSSv2: 9.3). The v...
CVE-2017-9679
CVE-2017-9679 affects Qualcomm products with Android CAF/Linux kernel. The issue arises when a userspace string is not NULL-terminated, allowing kernel memory contents to leak to system logs. This constitutes an information disclosure risk (partial confidentiality impact) as described in the vuln...
CVE-2017-9709
CVE-2017-9709 is a privilege-escalation issue in telephony affecting Android for MSM/CAF Linux-kernel builds. Affected components are telephony-related in Android variants (Android for MSM, Firefox OS for MSM, QRD Android) with CAF kernel usage. The vulnerability is described as enabling elevatio...
CVE-2017-9715
The CVE-2017-9715 entry describes a buffer over-read in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android releases using the Linux kernel when processing a vendor command. The underlying vulnerability is a buffer over-read (noted as an information disclosure risk) with affected co...
CVE-2017-9723
CVE-2017-9723 affects the synaptics_dsx touchscreen driver used in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-06-05. The issue arises because a stack-allocated buffer size can be set to exceed the size of the stack, enabling a stack-based overflow. The connected documents ...
CVE-2018-11263
CVE-2018-11263 concerns CAF-derived Android WLAN code in the Linux kernel used on Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when the radio_id received from the FW is greater than or equal to the maximum, allowing an out-of-bounds write while copying radio stats. The v...
CVE-2018-11276
CVE-2018-11276 is a kernel-level vulnerability in the CAF Qualcomm Linux kernel used by Android for MSM, Firefox OS for MSM, and QRD Android. The issue is a double free of memory during driver probe failure, where memory allocated is freed twice, risking kernel instability or a crash. Documented ...