8153 matches found
CVE-2016-3824
CVE-2016-3824 covers a Mediaserver elevation of privilege flaw in Android’s mediaserver (libstagefright), where OMXNodeInstance.cpp in OMX buffer port handling is unvalidated. A crafted application could exploit this local issue to gain privileges. Affected are Android 4.x before 4.4.4, 5.0.x bef...
CVE-2016-3835
Summary (CVE-2016-3835) : A vulnerability in the Mediaserver component (mm-video-v4l2 venc) of Android’s mediaserver on 4.x to 6.x releases allows an attacker via a crafted application to read sensitive information by mishandling heap pointers. Affects Android versions listed in the description (...
CVE-2016-3838
CVE-2016-3838 affects Android 6.x prior to 2016-08-01. The issue is a denial-of-service in which a crafted application using the app-pinning feature can cause loss of the locked-screen 911 functionality (internal bug 28761672). Connected sources corroborate the vulnerability as described in CVE r...
CVE-2016-3840
CVE-2016-3840 affects Conscrypt in Android: versions 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x up to 2016-08-05 fail to properly identify session reuse, enabling remote arbitrary code execution via unspecified vectors. The NVD entry mirrors this description with a high/critic...
CVE-2016-3873
CVE-2016-3873 affects the NVIDIA kernel on Android (Nexus 9) prior to 2016-09-05. An attacker can gain privileges via a crafted application due to improper validation in the DVS Framework input, aka internal bug 29518457. Connected sources confirm affected platform (Android/Nexus 9) and root caus...
CVE-2016-3902
CVE-2016-3902 affects Android’s Qualcomm IPA driver, specifically the ipa_qmi_service.c component, on Nexus 5X and 6P. The vulnerability, described as an information disclosure, could allow a crafted application to obtain sensitive information due to issues in the Qualcomm IPA driver prior to the...
CVE-2016-3909
The CVE-2016-3909 entry affects Android’s Mediaserver (libstagefright) SoftMPEG4 in the MediaServer component. The vulnerability enables privilege escalation via a crafted application and is tied to specific Android versions: 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 20...
CVE-2016-3912
Technical details about CVE-2016-3912 are not publicly provided in the supplied connected documents. The material confirms a privilege-escalation issue in Android framework APIs but lacks specific affected versions, exploit details, or patches. Monitor for updates.
CVE-2016-3930
CVE-2016-3930 concerns the NVIDIA MMC test driver on Android (Nexus 9) where a crafted app can exploit a NULL pointer dereference in the MMC test driver to gain privileges locally. Affected component: NVIDIA Tegra kernel/NVIDIA MMC test driver; vulnerability type: elevation of privilege. CVSS see...
CVE-2016-3931
CVE-2016-3931 affects the Qualcomm QSEE Communicator driver (drivers/misc/qseecom.c) in Android. It enables local privilege escalation via a crafted application on Nexus 5X, Nexus 6, Nexus 6P and Android One devices running pre-2016-10-05 builds. The vulnerability stems from the QSEE Communicator...
CVE-2016-3937
CVE-2016-3937 is an elevation-of-privilege vulnerability in the MediaTek video driver for Android, exploitable by a crafted app to gain privileges. The issue affects MediaTek video driver in Android prior to the 2016-10-05 patch level; patch status varies and public fix availability is not consis...
CVE-2016-5871
CVE-2016-5871 is a buffer overflow due to an integer overflow in Qualcomm CAF Android builds using the Linux kernel when loading an image file. The NVD entry assigns a CVSSv3 base score of 9.8 (CRITICAL, Network attack, no user interaction) with impact to confidentiality, integrity, and availabil...
CVE-2016-6690
CVE-2016-6690 affects the Android kernel sound driver (sound card) on Nexus devices (Nexus 5, 5X, 6, 6P, Nexus Player) prior to 2016-10-05. Root cause: a flaw in the kernel sound driver allows a crafted application to trigger a denial of service, causing a reboot. Impact as described: device rebo...
CVE-2016-6703
CVE-2016-6703 describes a remote code execution vulnerability in the Android runtime library (ART). Affected Android releases include 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; and 6.x before 2016-11-01. An attacker could supply a specially crafted payload to execute arbitrary code...
CVE-2016-6724
CVE-2016-6724 details: A denial of service in the Android Input Manager Service could allow a local malicious app to cause the device to continually reboot. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-11-01; 7.0 before 2016-11-01. Impact is a tempor...
CVE-2016-6745
Summary (CVE-2016-6745) : Elevation of privilege in the Synaptics touchscreen driver on Android (pre-2016-11-05) could allow a local, malicious app to execute arbitrary code in the kernel context. This requires a privileged process to be compromised first, making it a local-privilege-elevation is...
CVE-2016-6753
CVE-2016-6753 describes an information-disclosure vulnerability in Android kernel components, specifically the process-grouping and networking subsystems. The issue affects Android devices prior to 2016-11-05 and is rated Moderate because exploitation requires first compromising a privileged proc...
CVE-2016-6788
CVE-2016-6788 is a local elevation-of-privilege in the MediaTek I2C driver for Android, enabling a malicious local app to execute code in the kernel context. Root cause: MediaTek I2C driver vulnerability; affected component/file: I2C driver. Impact: arbitrary kernel code execution with high sever...
CVE-2016-8423
CVE-2016-8423 is an elevation-of-privilege vulnerability in the Qualcomm bootloader that could let a local malicious app execute arbitrary code in the kernel context. Public sources describe Android as the affected product, with explicit remediation tied to the 2017-01-05 patch level for devices ...
CVE-2017-0546
Concrete details found in connected documents: CVE-2017-0546 is described as an elevation of privilege vulnerability in Android's SurfaceFlinger. Affected product is Android, with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 identified in the CNVD entry. The CNVD/CVE records indicate a lo...
CVE-2017-0552
CVE-2017-0552 affects Android Mediaserver (libavc). A remote attacker could craft a file to trigger a denial of service, causing a device hang or reboot. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1. The initial description and connected sources identify the issue as a remote DoS in Mediaser...
CVE-2017-0828
CVE-2017-0828 is described across multiple sources as an elevation of privilege affecting Huawei bootloader within Android kernel contexts. The primary affected component is the bootloader on Huawei devices, enabling an attacker to escalate privileges. Public descriptions consistently label it as...
CVE-2017-11005
CVE-2017-11005 describes a Use-After-Free in the Android MSM stack (including CAF/Linux kernel paths) during deinitialization. The issue affects Android/CAF-derived builds and related MSM variants (Firefox OS for MSM, QRD Android) and is listed with high to critical impact in the NVD metrics (CVS...
CVE-2017-11031
CVE-2017-11031 affects Android on MSM, Firefox OS for MSM, and QRD Android builds that use CAF with the Linux kernel. The issue arises from the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command, which can trigger a use-after-free condition. The available sources describe the vulnerability but do not provi...
CVE-2017-11054
CVE-2017-11054 affects Android for MSM, Firefox OS for MSM, and QRD Android on CAF Linux kernels. The vulnerability is a buffer over-read triggered when processing a specially crafted cfg80211 vendor command, potentially impacting confidentiality (as per CVSS) and availability. Connected document...
CVE-2017-11056
CVE-2017-11056 affects Android variants using CAF Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The issue arises during SHA and cipher operations when a userspace buffer is directly accessed from kernel space, potentially triggering a page fault. The description confirms the ro...
CVE-2017-11080
CVE-2017-11080 is a local buffer overflow vulnerability described for Android on MSM/CAF platforms (Linux kernel path) when processing a user-supplied sparse image and the sparse header block size equals 4294967296. The issue affects Qualcomm bootloader components as mapped in the CVE references,...
CVE-2017-11082
CVE-2017-11082 affects Qualcomm WLAN in Android on MSM (and related CAF/Linux kernel builds) where a race condition in the firmware loading routine could lead to a buffer overflow if multiple user-space threads update the WLAN firmware file via sysfs. The root cause is a race in the firmware load...
CVE-2017-11093
CVE-2017-11093 affects Android MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel for Display; the issue is a buffer over-read caused by missing upper-bound validation when reading the EDID field num_of_cea_blocks, potentially exposing kernel memory and causing information dis...
CVE-2017-13199
CVE-2017-13199 affects Android 8.0 and 8.1. The issue arises in the Bitmap handling path (Bitmap.nativeCreate) where a failure during Bitmap creation does not throw an OOM, causing a downstream java.io.IOException and enabling a remote denial of service of a critical system process without user i...
CVE-2017-13206
CVE-2017-13206 is an information-disclosure vulnerability in Android’s media framework (aacdec) affecting Android 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The issue is documented in multiple sources (NVD entry; Pixel/Nexus security bulletin). The Pixel bulletin lists this CVE under the...
CVE-2017-13213
CVE-2017-13213 is a Broadcom bcmdhd driver Elevation of Privilege flaw affecting Android devices (Broadcom WiFi driver in the Android kernel). The public records describe a local-elevation vulnerability in the bcmdhd component, enabling an attacker with local access to escalate privileges on affe...
CVE-2017-13235
The CVE-2017-13235 entry concerns a vulnerability in the Android Media framework. The provided sources identify it as part of the Pixel/Nexus security bulletin and list affected Android versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1, within the Media framework component. The Pixel bulletin groups CVE-2...
CVE-2017-13257
CVE-2017-13257 affects Android. The issue is a use-after-free in bta_pan_data_buf_ind_cback (bta_pan_act.cc) that can lead to an out-of-bounds read of memory allocated via malloc, resulting in information disclosure. Exploitation details are not provided beyond a note that user interaction is req...
CVE-2017-13265
CVE-2017-13265 is an Elevation of Privilege issue in the Android system related to OTA updates affecting Android 7.0–8.1. The Android Security Bulletin places this as a System component EoP vulnerability and indicates a remediation via the 2018-03-05 patch level for Pixel/Nexus devices; the NVD e...
CVE-2017-13270
CVE-2017-13270 is an Elevation of Privilege (EoP) vulnerability in the upstream kernel mnh_sm driver affecting Android kernel. The issue is categorized as EoP in the Kernel components table of the Pixel/Nexus security bulletin, labeled as Moderate impact for the mnh_sm driver. There is no exploit...
CVE-2017-13295
CVE-2017-13295 is a DoS in the Android framework component known as the package installer. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The Android Pixel/Nexus bulletin lists this issue under the Framework update with Updated AOSP versions 6.0–8.1 and notes that security pa...
CVE-2017-14873
CVE-2017-14873 affects Android devices using MSM CAF Linux kernels with the Qualcomm graphics driver. The issue is described as a kernel memory overwrite in the pp_pgc_get_config() function, enabling a local escalation of privileges or memory corruption as indicated by the CVSS in public records....
CVE-2017-14884
CVE-2017-14884 affects Qualcomm WLAN components in Android CAF builds using the Linux kernel. Root cause: missing bounds check on data_len in WLANQCMBR_McProcessMsg, potentially causing a buffer overflow in WLANFTM_McProcessMsg. Impact: elevation of privilege on a locally exploited path within Qu...
CVE-2017-14887
CVE-2017-14887: In Android for MSM, Firefox OS for MSM, QRD Android, and all CAF Linux-kernel Android releases, processing messages of type eWNI_SME_MODIFY_ADDITIONAL_IES can trigger an integer overflow that may lead to a heap buffer overflow. Affected platforms include Android for MSM and relate...
CVE-2017-14898
CVE-2017-14898 affects Qualcomm WLAN in Android builds (Android for MSM, CAF/Linux kernel). The issue is a buffer overrun in QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE handling when QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE is less than 1 byte. Impact per sources includes high confidentiality, integrit...
CVE-2017-14903
CVE-2017-14903 describes a buffer over-read in SENDACTIONFRAME IOCTL processing on Android for MSM/CAF Linux kernel branches (Android devices using Qualcomm/CAF). The vulnerability stems from insufficient payload length handling (payload length
CVE-2017-15821
CVE-2017-15821 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The issue is in the function wma_p2p_noa_event_handler(), where there is no bound check on a value from firmware, potentially causing a buffer overwrite. This description explicitly names t...
CVE-2017-15824
CVE-2017-15824 affects Android CAF-based builds (Android for MSM, Firefox OS for MSM, QRD Android) prior to 2018-06-05. Root cause: UpdateDeviceStatus() writes an uninitialized local stack buffer to flash via WriteToPartition(), enabling a potential memory leak and information disclosure. Impact ...
CVE-2017-17769
CVE-2017-17769 involves information leakage in the Qualcomm component (MSM audio driver; listed as qdsp6v2 in the Pixel bulletin) affecting Android for MSM and related builds. The vulnerability is an information-disclosure issue with confidentiality impact (NVD CVSS3: HIGH, base 5.5) and is categ...
CVE-2017-17770
CVE-2017-17770 is an Elevation of Privilege in Qualcomm components (Binder) related to a power-driver ioctl Untrusted Pointer Dereference in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android prior to patch level 2018-04-05. The root cause is an untrusted pointer dereference in a kerne...
CVE-2017-17771
CVE-2017-17771 affects the MSM camera path (msm_isp_prepare_v4l2_buf) in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-02-12. The issue is an array out-of-bounds condition in the buffer preparation routine. The root cause is within the Qualcomm MSM media/camera stack, impacti...
CVE-2017-17860
Technical details about CVE-2017-17860 are not publicly available in the provided Connected documents; no affected products, versions, root cause, impact, or fixes are disclosed here. Monitor for updates.
CVE-2017-18052
CVE-2017-18052 affects Qualcomm WLAN in Android devices (CAF Linux kernel line) via the wma_mgmt_tx_bundle_completion_handler() function. The root cause is improper input validation for cmpl_params->num_reports, param_buf->desc_ids, and param_buf->status received from firmware, leading t...
CVE-2017-18053
CVE-2017-18053 affects Android for MSM/CAF Linux kernel environments and Qualcomm WLAN (Wma) via wma_p2p_lo_event_handler, where improper input validation of fix_param->vdev_id leads to potential out-of-bounds memory reads from firmware. Affected component is the WLAN stack (Wma), with impact ...