8153 matches found
CVE-2019-20608
The CVE-2019-20608 entry concerns Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The vulnerability is described as an issue where an attacker can use Emergency mode to disable features on these devices (Samsung IDs SVE-2018-13164, SVE-2018-13165). Connected sources (Red Hat, NVD, CVE ...
CVE-2019-20623
CVE-2019-20623 affects Samsung mobile devices running Android N (7.1), O (8.x), and P (9.0). The vulnerability is described as an uninitialized memory disclosure in Gallery, associated with Samsung ID SVE-2018-13060 (Feb 2019). Connected sources corroborate the issue across Red Hat and other CVE ...
CVE-2017-9687
CVE-2017-9687 involves a race between two concurrent threads/processes in Android for MSM (and related CAF/Linux kernel builds) where they can write the value "0" to a debugfs file that controls ipa ipc log. This can lead to a double-free in ipc_log_context_destroy() and a Use-After-Free when the...
CVE-2017-9706
Technical details about CVE-2017-9706 are not provided in the supplied documents. The initial description only notes a potential array out-of-bounds in a display driver; no vendor/product/version specifics or fixes are included. Monitor for updates.
CVE-2017-9716
CVE-2017-9716 affects the Qualcomm Qbt1000 driver (Qualcomm components) in Android for MSM and related CAF-based kernels. The vulnerability is described as an Elevation of Privilege (EoP) issue, with CVE records (NVD, CVELIST, CNVD) confirming the driver as the vulnerable component and noting an ...
CVE-2018-11294
CVE-2018-11294 affects Qualcomm CAF Android WLAN components (WLAN HOST). The issue arises in the WLAN firmware handling, where information for 4 Access Categories (AC) is provided but only the first 3 ACs are copied due to improper conditional logic. This truncation potentially affects the WLAN A...
CVE-2018-11860
CVE-2018-11860 affects CAF Android builds using the Linux kernel, where a buffer overflow could occur while processing the ndp event due to a missing length check. The vulnerability is described as a local issue with high impact (per CVSS: 7.2/7.8), but the connected documents do not provide spec...
CVE-2018-11886
CVE-2018-11886 affects Qualcomm WLAN host in Android CAF/linux-kernel WLAN stack. Root cause: missing validation when calculating MPDU data length leads to an integer overflow, then a buffer overflow in the WLAN function. Impact per sources is consistent with local, low-privilege exploitation and...
CVE-2018-11910
Technical details about CVE-2018-11910 are not publicly provided in the connected documents. Monitor for updates; current sources only reiterate a general access-control issue related to CAF/Linux in Android releases.
CVE-2018-11985
CVE-2018-11985 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built with CAF Linux kernel. The vulnerability is a heap overflow caused by an integer overflow when allocating heap with a user-supplied size, arising from roundup to native pointer. CVSS2/3 indicate MEDIU...
CVE-2018-21045
CVE-2018-21045 affects Samsung mobile devices running N(7.x) and O(8.x). The issue is that clipboard data can be accessed while the device is in the lockscreen state via a copy-and-paste action. This is a local exposure of the clipboard contents (no user interaction required), with the impact des...
CVE-2018-21046
CVE-2018-21046 affects Samsung mobile devices running O(8.x) software. The issue is a clipboard data exposure via the Emergency Dialer when a USB device is connected. The connected documents do not provide a concrete root cause, exploit details, or remediation steps. No public mitigation details ...
CVE-2018-21065
The CVE-2018-21065 entry concerns an integer underflow in eCryptFS on Samsung mobile devices running Android M/N/O, caused by a missing size check (Samsung ID SVE-2017-11855). Affected products are Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. The available documents describe t...
CVE-2018-21067
No concrete technical details (affected product/component, root cause, versions, or fix) are provided across the connected documents for CVE-2018-21067. The sources only repeat the generic Samsung Trustlet information disclosure description. Monitor for updates.
CVE-2018-21080
CVE-2018-21080 affects Samsung mobile devices running N(7.x). A physically proximate attacker can use a magnet to activate NFC and bypass the lockscreen (Samsung ID SVE-2017-10897). Exploitation details, affected models/versions, and fixes are not explicitly provided in the connected documents; o...
CVE-2018-21088
CVE-2018-21088 affects Samsung mobile devices running N(7.x). The issue is that InputMethodManagerService exposes an unprotected system service, enabling an attacker to trigger a reboot. The description in connected sources confirms the root cause and impact, but there are no specific patch versi...
CVE-2018-21090
CVE-2018-21090 affects Samsung mobile devices with software up to 2017-11-03 on S.LSI Exynos modem chipsets, due to a baseband buffer overflow in the Exynos modem chipset. The issue is described across multiple sources (NVD entry, Red Hat advisory, CNVD entry, PRION page, CVE listing) with CVSS v...
CVE-2018-3566
CVE-2018-3566 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF linux kernels prior to the 2018-04-05 security patch level. Root cause: a buffer overwrite in ProcSetReqInternal() caused by a missing length check. The issue is categorized as Elevation of Privile...
CVE-2018-3577
CVE-2018-3577 affects Qualcomm WLAN within Android CAF builds (Android for MSM, etc.) prior to the 2018-06-05 patch level. The issue arises while processing fragments: when fragment count is very large, an integer overflow can cause a buffer overflow. The vulnerability is documented in multiple s...
CVE-2018-3580
CVE-2018-3580 describes a stack-based buffer overflow in the WLAN driver when the pmkid_count exceeds the PMKIDCache size on CAF Android (Android for MSM, Firefox OS for MSM, QRD Android) builds using the Linux kernel. The issue affects all such Android releases and relates to the PMKID cache siz...
CVE-2018-5828
Vulnerability CVE-2018-5828 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernels prior to 2018-04-05. The issue is in function wma_extscan_start_stop_event_handler() where vdev_id is taken from firmware and not properly validated, potentially leading...
CVE-2018-5856
CVE-2018-5856 affects the Linux kernel in Qualcomm audio paths (sound/soc/qcom/qdsp6/q6asm.c), caused by a race condition leading to a use-after-free. Vendor-specific Android builds (CAF) on MSM, including Audio components, are affected. The description notes potential kernel panic or other unspe...
CVE-2018-5858
CVE-2018-5858 concerns an out-of-bounds access in the audio debugfs for Android CAF builds using the Linux kernel, affecting Android for MSM, Firefox OS for MSM, and QRD Android prior to the 2018-07-05 security patch level. The issue is triggered via the audio debugfs component of the kernel, wit...
CVE-2018-5899
CVE-2018-5899 affects Android CAF builds (Android for MSM, Firefox OS for MSM, QRD Android) with the Linux kernel used in these releases. A use-after-free occurs in the TDLS path: netbuf is freed in ol_tx_completion_handler and subsequently accessed by NBUF_UPDATE_TX_PKT_COUNT. This use-after-fre...
CVE-2018-9437
CVE-2018-9437 involves an out-of-bounds read in getstring() of ID3.cpp, causing a possible remote denial of service in Android. Affected products/versions: Android 6.0–8.1 (as listed). Root cause: missing bounds check on string handling. Impact: DoS with user interaction required (per CVSS3: Loca...
CVE-2018-9490
The CVE-2018-9490 issue affects Android, specifically the CollectValuesOrEntriesImpl function in elements.cc. The root cause is a type confusion that can enable remote code execution, leading to remote escalation of privilege. The vulnerability is exploitable with user interaction and has a local...
CVE-2018-9498
CVE-2018-9498 affects Android's media stack, specifically the Skia component’s SkSampler::Fill in SkSampler.cpp. The issue is a possible out-of-bounds write caused by an integer overflow, enabling remote code execution with user interaction required. Affected: Android 7.0–7.1.2 and 8.0–8.1 (Andro...
CVE-2018-9523
CVE-2018-9523 affects Android 7.0–9 in Parcel.java’s Parcel.writeMapInternal, where a parcel serialization/deserialization mismatch arises from improper input validation. This creates local privilege escalation with no user interaction required; the issue is exploitable locally within affected An...
CVE-2018-9536
CVE-2018-9536 affects Android 9 via libFDK, where out-of-bounds writes result from incorrect bounds checks. This vulnerability can enable remote code execution with no extra privileges, requiring user interaction to exploit. Public references in the connected documents include the Android 2018-11...
CVE-2018-9541
CVE-2018-9541 affects Android devices (Android 7.0–9) and targets the Bluetooth stack. The flaw is in the function avrc_pars_vendor_rsp of avcr_pars_ct.cc , where a missing bounds check can cause an out-of-bounds read. This can lead to remote information disclosure in the Bluetooth service withou...
CVE-2018-9582
CVE-2018-9582 affects Android 8.0–9 package installer, enabling local elevation of privilege via bypassing the unknown-source warning in a confused deputy scenario. Exploitation requires no user interaction; attacker gains partial to high impact on confidentiality, integrity, and availability. Th...
CVE-2018-9594
Summary: CVE-2018-9594 affects Android 7.x–9.x (7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9) in the llcp_link_proc_agf_pdu path of llcp_link.cc. Described as an out-of-bounds read caused by an integer overflow, enabling local information disclosure over NFC without user interaction. Impact (per sources): Loca...
CVE-2019-2039
In CVE-2019-2039, the flaw is a possible out-of-bounds read in rw_i93_sm_detect_ndef within rw_i93.cc, caused by a missing bounds check. This can lead to local information disclosure on Android devices. Affected products/versions include Android 7.0, 7.1.x, 8.x, and 9 (as listed in the NVD entry)...
CVE-2019-2041
The CVE-2019-2041 issue concerns the NFC module configuration in Android devices, where an insecure default value can cause a failure to distinguish between devices. This enables local elevation of privilege with no extra execution privileges, with user interaction required for exploitation. Affe...
CVE-2019-20537
CVE-2019-20537 affects Samsung mobile devices on P(9.0) platforms leveraging the SEM Trustlet (TEEGRIS/Qualcomm chipsets). The vulnerability is an arbitrary memory overwrite in the SEM Trustlet, which can lead to arbitrary code execution. Affected hardware/firmware details: Samsung devices using ...
CVE-2019-20540
CVE-2019-20540 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) Exynos software. The issue is a buffer over-read in the core touch screen driver that can lead to a possible information leak. Connected sources corroborate the same description; no explicit patch/version details or ...
CVE-2019-20545
Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) are affected by CVE-2019-20545 due to a buffer overflow in the HDCP Trustlet that contaminates secure TEEGRIS memory. The issue is tracked as Samsung SVE-2019-15283 (November 2019). Impact is described as high/critical with potential...
CVE-2019-20549
The vulnerability CVE-2019-20549 affects Samsung mobile devices (N7.x, O8.x, P9.0) with Broadcom Bluetooth, where a heap out-of-bounds access can occur during LE Packet reception. The issue is tracked under Samsung ID SVE-2019-15724. According to the provided metrics, the CVSS base scores indicat...
CVE-2019-2055
CVE-2019-2055 affects Android 10 via the libxaac library, where an out-of-bounds write due to a missing bounds check enables remote code execution with the attacker needing no privileges and requiring user interaction. The issue is documented across multiple feeds (NVD, RH, CNVD) and is associate...
CVE-2019-20550
CVE-2019-20550 affects certain Samsung mobile devices running O(8.x) software (China/India releases). The issue, described across multiple sources, is that the S Secure app can access the contents of a locked application without requiring a password. The Red Hat and NVD entries mirror this descri...
CVE-2019-20556
The CVE-2019-20556 entry concerns Samsung mobile devices with Android 9.0 (P) on specific chipsets (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, exynos9820). The issue is a memory corruption in the RKP (root key protection) path that permits an attacker to control the effective address ...
CVE-2019-20582
CVE-2019-20582 concerns a use-after-free in the ion driver on Samsung mobile devices with Exynos9810 (O(8.x) and P(9.0)). The NVD entry lists a CVSS-3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges required, and high impacts to confidentiality, integrity, and availabilit...
CVE-2019-20595
CVE-2019-20595 concerns Samsung mobile devices running P(9.0) where the Quick Panel can enable or disable the Bluetooth stack without authentication. Affected: Samsung mobile devices with P(9.0) software (as cited in the CVE records). Root cause: an insecure Quick Panel action allows state change...
CVE-2019-20604
The connected records indicate CVE-2019-20604 affects Samsung mobile devices running O(8.x) software, with the Gallery application being permanently disableable by an attacker. The core information available: affected product (Samsung Gallery on Samsung devices), impact (Gallery can be disabled p...
CVE-2019-2069
CVE-2019-2069 affects Android 10 via a vulnerability in libxaac caused by a missing bounds check, leading to an out-of-bounds write that could cause remote code execution. The description states user interaction is required for exploitation. Connected documentation confirms the issue exists in li...
CVE-2019-20782
CVE-2019-20782 describes a buffer overflow in LG Advanced Flash (LAF) on LG mobile devices running Android 7.x–8.1. The issue is tied to LG’s LAF component and 나타는 root cause is a buffer overflow. Documents specify affected versions and device scope but do not provide exploit details, affected pr...
CVE-2019-2089
CVE-2019-2089 affects Android 10 Framework: during app uninstallation, a set of permissions may remain for a shared app ID, enabling local privilege escalation with no additional execution privileges required. The condition is exploitable with user interaction. The issue is documented in Android ...
CVE-2019-2122
CVE-2019-2122 affects Android 7.0–9, describing a local privilege-escalation in LockTaskController.lockKeyguardIfNeeded due to a differing default-case handling between WindowManager and Settings. Impact: potential elevation of privileges with user interaction required; exploitability is local. C...
CVE-2019-2131
CVE-2019-2131 affects Android devices where an application with overlay permission can display overlays on top of the Settings UI, potentially enabling local elevation of privilege. The issue is tied to the overlay permission mechanism on versions including Android 7.0–9.x (Android-7.0, 7.1.1, 7....
CVE-2019-2172
CVE-2019-2172 is a information-disclosure flaw in the Android 10 libxaac component caused by uninitialized data. The vulnerability could allow access to information without extra execution privileges, with the attack requiring user interaction. Affected product: Android 10 (libxaac in Android). T...