8205 matches found
CVE-2017-13244
CVE-2017-13244 is an Elevation of Privilege (EoP) flaw in the Android kernel Easel driver. The upstream kernel Easel component is affected, enabling privilege escalation on Android devices. The issue is classified as EoP with Moderate severity in the Pixel/Nexus bulletin, and addressed by patch l...
CVE-2017-13268
The CVE-2017-13268 entry corresponds to an Information Disclosure in the Android system Bluetooth stack. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The issue is categorized as a System vulnerability with Moderate severity in the Pixel/Android bulletin. P...
CVE-2017-13274
CVE-2017-13274 affects Android Runtime: UriTest.getHost() may misdetermine the web origin, enabling incorrect security decisions. Affected: Android 6.0–8.1. Impact described as high/critical (CVSS 3.0: 9.8; base vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation requires no user i...
CVE-2017-13288
CVE-2017-13288 affects Android 8.0 and 8.1, with a vulnerability in writeToParcel/readFromParcel of the PeriodicAdvertisingReport.java file caused by a 64/32-bit int mismatch. This leads to a permission bypass and potential local elevation of privilege by starting an activity with system privileg...
CVE-2017-13296
CVE-2017-13296 is an information-disclosure vulnerability in the Android media framework (libavc). Affected Product/Component: Android media framework (libavc) across Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Root cause: information disclosure within libavc leads to partial confid...
CVE-2017-13298
CVE-2017-13298 is an information-disclosure vulnerability in Android’s media framework (libhavc) affecting Android 6.0–8.1. The issue is described as information disclosure; no specifics on root cause are provided in the initial text. Connected sources indicate the vulnerability affected Pixel/Ne...
CVE-2017-14876
The CVE-2017-14876 vulnerability affects Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-06-21. The root cause is a lack of bounds checking on params->entries[i].vfe_intf in msm_ispif_config_stereo(), which can lead to a kernel out-of-bounds write. Exploitation status is not...
CVE-2017-14918
CVE-2017-14918 is documented in multiple sources as a Use-After-Free vulnerability affecting Android on MSM platforms, specifically in the GPS location wireless interface. In the Qualcomm closed-source components section, it is listed with High severity for a closed-source component. The Connecte...
CVE-2017-15814
The connected CNVD-2018-06014 entry describes an information-disclosure vulnerability in Google's Android Qualcomm Camera_v2 driver, caused by insufficient input validation in the driver. The issue is tied to the Camera_v2 components on Android devices using Qualcomm hardware and enables local in...
CVE-2017-15835
CVE-2017-15835 affects Android variants (Android for MSM, Firefox OS for MSM, QRD Android) built on CAF with the Linux kernel. The issue lies in how the RIC Data Descriptor IE is processed in an artificially crafted 802.11 frame where the IE length exceeds 255, which may trigger an infinite loop ...
CVE-2017-15846
The CVE-2017-15846 entry affects the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-09-16. Root cause: an untrusted pointer dereference in video_ioctl2() could occur. Impact per sources is potentially high (partial to full confidentiality, integrity, and avail...
CVE-2017-15849
CVE-2017-15849 affects Qualcomm Display in Android/CAF builds for MSM, where a LayerStack can be destroyed between Validate and Commit by the application, causing a Use-After-Free condition. The issue is described in multiple sources (NVD entry and related CVEs) as a high-severity (EoP) vulnerabi...
CVE-2017-18657
CVE-2017-18657 concerns Samsung mobile devices running M(6.0)/N(7.x) software. The issue is an arbitrary write in a trustlet (Samsung ID SVE-2017-8893). Connected documents (Red Hat, NVD/NVD mirror, CVE lists) corroborate the same root cause description, with no publicly detailed exploit or affec...
CVE-2017-18673
CVE-2017-18673 affects Samsung mobile devices running N(7.x) software. The issue allows an attacker to disable the Location service on a locked device, preventing the rightful owner from locating a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). Public documents do not provide details ...
CVE-2017-18674
CVE-2017-18674 affects Samsung mobile devices running Android N (7.0); the Timaservice time service is susceptible to a kernel panic. The issue is associated with Samsung ID SVE-2017-8593, May 2017. CVSS indicates network attack vector with low privileges required and high availability impact. Th...
CVE-2017-18675
CVE-2017-18675 affects Samsung mobile devices on M(6.0)/N(7.x) with Exynos7420/Exynos8890. The issue is in the Camera application, which can leak uninitialized memory via the ion subsystem. The Red Hat and NVD records reiterate the same description; no additional exploit details, affected version...
CVE-2017-18676
CVE-2017-18676 affects Samsung mobile devices running Android N (7.0) on Qualcomm chipsets and is described as an RKP kernel protection bypass caused by a lack of MSR trapping, enabling potential unwanted memory mappings. The issue is tied to Samsung ID SVE-2016-7901 (April 2017). Connected docum...
CVE-2017-6426
CVE-2017-6426 is a documented information-disclosure vulnerability in the Qualcomm SPMI driver (Android kernel). A local-attack requires user interaction and could let a malicious local app access data outside its permission levels. Affected are Pixel and Pixel XL devices per the CVE list. The so...
CVE-2017-7367
CVE-2017-7367 concerns an integer underflow in the boot image processing path on Android CAF builds using the Linux kernel. The available connected documents identify this as a DoS-type issue (bootloader component) with a high-severity impact profile. The exact affected products, versions, and fi...
CVE-2017-7373
CVE-2017-7373 affects Android CAF builds using the Linux kernel display/video driver, describing a double‑free flaw. The Android bulletin attributes EoP potential to this issue and notes patches in the 2017-06-05 security update; apply the corresponding updates to mitigate.
CVE-2017-8257
CVE-2017-8257 affects Qualcomm CAF Android devices using the Linux kernel, specifically the sde_rotator debug interface. The issue arises when multiple processes read registers and one process frees the debug buffer while another still uses it, creating a use-after-free-like condition. The NVD re...
CVE-2017-8268
CVE-2017-8268 affects Qualcomm components in Android CAF builds using the Linux kernel. The camera application can request frame/command buffer operations with invalid values, causing the camera driver to perform a heap buffer over-read. Documented impact is high (CVSSv3: 7.8; CVSSv2: 9.3). The v...
CVE-2017-9679
CVE-2017-9679 affects Qualcomm products with Android CAF/Linux kernel. The issue arises when a userspace string is not NULL-terminated, allowing kernel memory contents to leak to system logs. This constitutes an information disclosure risk (partial confidentiality impact) as described in the vuln...
CVE-2017-9709
CVE-2017-9709 is a privilege-escalation issue in telephony affecting Android for MSM/CAF Linux-kernel builds. Affected components are telephony-related in Android variants (Android for MSM, Firefox OS for MSM, QRD Android) with CAF kernel usage. The vulnerability is described as enabling elevatio...
CVE-2017-9715
The CVE-2017-9715 entry describes a buffer over-read in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android releases using the Linux kernel when processing a vendor command. The underlying vulnerability is a buffer over-read (noted as an information disclosure risk) with affected co...
CVE-2017-9723
CVE-2017-9723 affects the synaptics_dsx touchscreen driver used in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-06-05. The issue arises because a stack-allocated buffer size can be set to exceed the size of the stack, enabling a stack-based overflow. The connected documents ...
CVE-2018-11263
CVE-2018-11263 concerns CAF-derived Android WLAN code in the Linux kernel used on Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when the radio_id received from the FW is greater than or equal to the maximum, allowing an out-of-bounds write while copying radio stats. The v...
CVE-2018-11276
CVE-2018-11276 is a kernel-level vulnerability in the CAF Qualcomm Linux kernel used by Android for MSM, Firefox OS for MSM, and QRD Android. The issue is a double free of memory during driver probe failure, where memory allocated is freed twice, risking kernel instability or a crash. Documented ...
CVE-2018-11297
CVE-2018-11297 affects Qualcomm WLAN Host in Android (CAF/Linux kernel-based builds such as Android for MSM) where the WMA NDP event handler can over-read due to missing validation of input value event_info received from firmware. This is described as a buffer over-read/overflow in the WLAN Host ...
CVE-2018-21063
Technical details about CVE-2018-21063 are not publicly available in the provided documents. Monitor for updates from vendors (e.g., Red Hat, CVE databases) and check for any new advisories or patches.
CVE-2018-21089
CVE-2018-21089 affects Samsung mobile devices running N(7.x) on MT6755/MT6757 Mediatek chipsets. The root cause is an integer overflow in the bootloader related to the download offset control, enabling arbitrary code execution. The entry notes a Samsung ID SVE-2017-10732 (Jan 2018). Impact is des...
CVE-2018-3569
CVE-2018-3569 is a Qualcomm WLAN Host vulnerability classified as Elevation of Privilege (EoP) and rated Critical in the 2018-06-05 Android patch set. The issue is a buffer over-read during certain firmware/wlan operations, exposed on CAF Android releases (Android for MSM, Firefox OS for MSM, QRD...
CVE-2018-3570
CVE-2018-3570 refers to a vulnerability in the cpuidle driver used by CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android) that rely on the Linux kernel. The issue arises from incorrect use of the list_for_each macro, which could lead to an untrusted pointer dereference. Connecte...
CVE-2018-5831
CVE-2018-5831 affects the KGSL driver in CAF Android builds that use the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The vulnerability stems from a reference counting error that can trigger a Use-After-Free condition. The impact is described in the Android/CAF context as a lo...
CVE-2018-9355
CVE-2018-9355 affects the Android system component and is described as an out-of-bounds stack write in the function path bta_dm_sdp_result of bta_dm_act.cc, caused by a missing bounds check. The vulnerability could enable remote code execution with no privileges and no user interaction, as report...
CVE-2018-9438
CVE-2018-9438 affects Android 8.1 (Framework) where devices connected only over WiFi VPN may fail to receive security updates due to incorrect checks, causing local denial of service of security updates. Exploitation requires user interaction; no remote code execution is indicated. The Android Se...
CVE-2018-9455
CVE-2018-9455 affects Android 6.0–8.1. The issue is an out-of-bounds read in sdpu_extract_attr_seq within sdp_utils.cc, caused by an incorrect bounds check, enabling remote denial of service without user interaction. The Android bulletin lists CVE-2018-9455 under System DoS with patch level 2018-...
CVE-2018-9483
CVE-2018-9483 concerns a vulnerability in Android’s Bluetooth stack, specifically in the function bta_dm_remove_sec_dev_entry within bta_dm_act.cc . The issue is a possible out-of-bounds read caused by a use-after-free, which could allow remote information disclosure over Bluetooth without extra ...
CVE-2018-9496
CVE-2018-9496 affects Android 9.0; vulnerability in ixheaacd_real_synth_fft_p3 within ixheaacd_esbr_fft.c causes an out-of-bounds write due to a missing bounds check, enabling remote code execution with user interaction. Exploitation details are not provided in the connected documents beyond this...
CVE-2018-9511
CVE-2018-9511 affects Android 9.0 and relates to ipSecSetEncapSocketOwner in XfrmController.cpp. The issue is a potential failure to initialize a security feature due to uninitialized data, which could enable local denial of service (DoS) on IPsec sockets without additional privileges or user int...
CVE-2018-9528
CVE-2018-9528 affects ixheaacd_over_lap_add1_armv8: in ixheaacd_overlap_add1.s, a missing bounds check allows an out-of-bounds write. This could enable remote code execution on Android 9 (Android-9) with user interaction required for exploitation. The vulnerability is tied to the ixheaacd compone...
CVE-2018-9532
Technical details about CVE-2018-9532 are not publicly available in the provided connected documents. The entry references an out-of-bounds write in ixheaacd_env_extr.c affecting Android-9, but no further technical specifics or fixes are disclosed here; monitor for updates.
CVE-2018-9560
CVE-2018-9560 affects Android 9, in the HID stack. The issue is an out-of-bounds write in HID_DevAddRecord of hidd_api.cc caused by a missing bounds check, enabling local elevation of privilege in the Bluetooth service with no user interaction required. Impact is described as high (local EoP with...
CVE-2018-9587
CVE-2018-9587 affects Android 7.0–9 (Android-7.0, -7.1.1, -7.1.2, -8.0, -8.1, -9). In ContactPhotoUtils.java (savePhotoFromUriToUri), a confused deputy scenario could allow unauthorized access to files in the Contacts app, enabling local elevation of privilege. The vulnerability is local (attack ...
CVE-2019-2026
CVE-2019-2026 affects Android 8.0 Framework. In Editor.java’s updateAssistMenuItems, a missing permission check could allow local escalation of privilege and FRP bypass with no user interaction. The Android 2019-04-01 bulletin lists CVE-2019-2026 as a Framework EoP (High) issue for 8.0, indicatin...
CVE-2019-2030
CVE-2019-2030 is an Android 9 local Elevation of Privilege flaw: a use-after-free in removeInterfaceAddress within NetworkController.cpp that could allow remote code execution in the context of a privileged process without user interaction. The Android security bulletin groups this under System v...
CVE-2019-20558
CVE-2019-20558 concerns a Buffer Overflow in the Touch Screen Driver on Samsung mobile devices with N(7.x), O(8.x) and P(9.0) Exynos chipsets (Samsung ID SVE-2019-14990). Affected component: Touch Screen Driver. Root cause: buffer overflow. Impact per sources: CVSS3.1 base score 9.8 (CRITICAL) wi...
CVE-2019-20573
CVE-2019-20573 affects Samsung mobile devices running N(7.x), O(8.x) and P(9.0). The issue is local SQL injection in the RCS Content Provider, with Samsung repair IDs SVE-2019-14059 and SVE-2019-14685 (August 2019). The NVD CVSS data indicates a high impact (CVSS3.1: Local, Privileges Required Lo...
CVE-2019-20596
Samsung mobile devices running N(7.x) and O(8.x) software (Exynos chipsets) are affected by CVE-2019-20596 due to an information disclosure in the GateKeeper Trustlet. The data shows a vulnerability in a Trustlet component, leading to partial confidentiality impact with high severity in CVSS 3.1 ...
CVE-2019-20599
Technical details for CVE-2019-20599 are not publicly available in the provided documents. The connected sources repeat the same description without concrete exploit, impact, vulnerable components, or fixes. Monitor for updates from official advisories.