8153 matches found
CVE-2014-9932
CVE-2014-9932 is described across connected sources as an integer overflow in TrustZone, potentially affecting Android on Pixel/Pixel XL devices via CAF/Linux kernel, caused by improper address range computation. The NVD entry notes a TrustZone integer overflow across all CAF Android releases usi...
CVE-2014-9946
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2014-9953
CVE-2014-9953 is an elevation-of-privilege vulnerability affecting Qualcomm closed‑source components within Android kernels. The CVE is documented across multiple sources (NVD, CVE List, prion-like aggregations) as a Qualcomm‑related issue with a critical impact. The vulnerability is categorized ...
CVE-2015-3833
CVE-2015-3833 affects Android up to version 5.1.1 (LMY48I). Root cause is in ActivityManagerService.getRunningAppProcesses, allowing a crafted app to bypass getRecentTasks restrictions and reveal the foreground app name. Public descriptions across sources confirm the flaw exists in Android before...
CVE-2015-6601
CVE-2015-6601 affects libstagefright in Android up to version 5.1.1 LMY48T. A crafted media file could cause memory corruption in mediaserver, allowing remote code execution or a denial of service. The issue is addressed by patches in Android 5.1.1 (LMY48T) and later via the October 2015 Nexus/An...
CVE-2015-6625
CVE-2015-6625 describes an information-disclosure/privilege-escalation vulnerability in Android 6.0 System Server, where a crafted application can access sensitive data and potentially gain higher privileges. The connected sources corroborate that this issue affects Android 6.0 prior to the Decem...
CVE-2015-6643
CVE-2015-6643 affects Android Setup Wizard in 5.x (before 5.1.1 LMY49F) and 6.0 (before 2016-01-01). The issue allows a physically proximate attacker to modify device settings or bypass reset protection via the Setup Wizard, indicating an elevation of privilege. Root cause is tied to the Setup Wi...
CVE-2015-8592
CVE-2015-8592 describes a vulnerability in Qualcomm closed‑source components used in Android CAF Linux builds where a reverse‑referenced pointer is not validated before dereference, potentially causing Guest‑OS memory corruption. Affected: Qualcomm components integrated into Android CAF/Linux ker...
CVE-2015-8889
CVE-2015-8889 concerns the aboot implementation in Qualcomm components within Android on Nexus 6P devices, prior to the 2016-07-05 patch. The description notes that the recovery PIN feature is omitted, with impact and attack vectors listed as unspecified. Connected CNVD-2016-04846 and related CNV...
CVE-2015-9013
CVE-2015-9013 is described as an elevation-of-privilege vulnerability in Qualcomm closed‑source components used by Android, affecting the Android kernel. The connected docs identify the issue as a Qualcomm/Android kernel problem but do not provide concrete exploit details, affected versions beyon...
CVE-2015-9015
Technical details for CVE-2015-9015 are not publicly available in the provided documents; monitor for updates.
CVE-2015-9023
The CVE-2015-9023 entry describes a buffer overflow in the PlayReady API, present in all Android releases from CAF using the Linux kernel. The vulnerability can enable a remote attacker to execute arbitrary code or cause a denial of service by exploiting the PlayReady API in affected Android comp...
CVE-2015-9044
In CVE-2015-9044, Qualcomm products with CAF Android releases using the Linux kernel have a vulnerability in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. The NVD metrics indicate a CRITICAL impact (Network, No privileges, No user interaction) wit...
CVE-2015-9062
Technical details about CVE-2015-9062 are not publicly provided in the connected documents. Monitor for updates.
CVE-2015-9068
CVE-2015-9068 affects Qualcomm products with Android CAF builds using the Linux kernel. The root cause is improper validation of an argument to a mink syscall, as described in the CVE description. The entry is mapped to a highly critical impact profile (network attack vector, no user interaction,...
CVE-2016-10298
CVE-2016-10298 is an elevation-of-privilege vulnerability affecting Android kernel via Qualcomm closed-source components. Affected product: Android (kernel level). Root cause: flaw in Qualcomm closed-source components integrated with Android leading to unauthorized privilege escalation. Impact: c...
CVE-2016-10380
CVE-2016-10380 affects Qualcomm components in Android CAF builds and relates to an information disclosure where the UE can send unprotected MeasurementReports that reveal UE location. Affected environment is Qualcomm-based Android devices using CAF with the Linux kernel. The underlying issue is i...
CVE-2016-11036
CVE-2016-11036 concerns Samsung mobile devices running Android M (6.0) where a Factory Reset Protection (FRP) bypass exists. The issue is described across multiple connected documents as a FRP bypass in Samsung devices (Samsung ID SVE-2016-6008). The vulnerability is documented in the NVD entry f...
CVE-2016-11046
The CVE-2016-11046 issue affects Samsung mobile devices running JBP (4.3), KK (4.4), and L (5.0/5.1) where a misused whitelist allows access to the Radio Interface Layer (RIL/RILD) enabling calls or SMS. Affected component is the RIL path; root cause is the whitelist mishandling, as described in ...
CVE-2016-11047
Samsung mobile devices with JBP(4.2) and KK(4.4) on Marvell chipsets are affected by CVE-2016-11047 due to a stack-based buffer overflow in the ACIPC-MSOCKET driver, enabling local privilege escalation. Root cause: vulnerable ACIPC-MSOCKET component; impact: local privilege elevation as described...
CVE-2016-2412
CVE-2016-2412 affects Skia in Android System_server. The issue arises from include/core/SkPostConfig.h (SkPostConfig) being mishandled during certain crashes, allowing privilege escalation via a crafted application and potentially granting Signature or SignatureOrSystem access. Affected versions ...
CVE-2016-2433
The CVE-2016-2433 entry concerns the Broadcom Wi‑Fi driver for Android used in BlackBerry smartphones prior to Build AAE570. The connected sources (NVD, CNVD, CVE listings) consistently describe a vulnerability that allows remote attackers to execute arbitrary code in the kernel context, affectin...
CVE-2016-2436
The CVE-2016-2436 issue affects the NVIDIA video driver on Android devices prior to 2016-05-01 (Nexus 9). It enables a local attacker to gain privileges via a crafted application (internal bug 27299111). The vulnerability is documented in multiple sources (NVD, OSV, Ubuntu, etc.) with the Android...
CVE-2016-3824
CVE-2016-3824 covers a Mediaserver elevation of privilege flaw in Android’s mediaserver (libstagefright), where OMXNodeInstance.cpp in OMX buffer port handling is unvalidated. A crafted application could exploit this local issue to gain privileges. Affected are Android 4.x before 4.4.4, 5.0.x bef...
CVE-2016-3831
CVE-2016-3831 affects the Android telephony stack: Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 are vulnerable to a remote-triggered denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock ...
CVE-2016-3849
CVE-2016-3849: Privilege escalation via the ION driver on Pixel C; affected Android ION functionality vulnerable to crafted apps before 2016-08-05. Root cause: kernel/ION interaction allows local code execution with high impact. Patch status: patch not publicly available; fix delivered via latest...
CVE-2016-3850
CVE-2016-3850 describes an integer overflow in aboot.c (Qualcomm bootloader) affecting Android devices prior to 2016-08-05, including Nexus 5, 5X, 6P, and 7 (2013). The vulnerability allows privilege escalation via a crafted header field in a boot image. The provided documents do not specify exac...
CVE-2016-3871
CVE-2016-3871 refers to multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp within libstagefright/mediaserver on Android. The root cause is memory corruption in the MP3 decoding path, enabling a crafted application to gain privileges. Affected platforms include Android 4.x up to 4.4.4, 5.0.x u...
CVE-2016-3872
CVE-2016-3872 describes a buffer overflow in codecs/on2/dec/SoftVPX.cpp within libstagefright/Mediaserver. The vulnerability affects Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, 6.x up to 2016-09-01, and 7.0 up to 2016-09-01, allowing a crafted application to gain privileges. Th...
CVE-2016-3875
Technical details beyond the Initial Description are not provided in the connected documents. No vendor/product/version/remediation specifics are present. Monitor for updates.
CVE-2016-3879
CVE-2016-3879 concerns a denial-of-service vulnerability in Android’s Mediaserver. The issue resides in arm-wt-22k/lib_src/eas_mdls.c within Mediaserver and is triggered by processing a crafted media file, leading to a NULL pointer dereference and potentially device hang or reboot. Affected produ...
CVE-2016-3887
CVE-2016-3887 affects Android 7.0 (Nougat) before the 2016-09-01 patch; the issue arises from inadequate enforcement of the DISALLOW_CONFIG_VPN setting in providers/settings/SettingsProvider.java, allowing a crafted app to bypass the intended always-on VPN state. The vulnerability is described as...
CVE-2016-3890
The CVE-2016-3890 issue concerns the Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp across Android 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-09-01). The root cause is mishandling of socket close operations, which can allow attackers to...
CVE-2016-3892
CVE-2016-3892 affects the Qualcomm SPMI driver in Android prior to 2016-09-05 on Nexus 5, 5X, 6 and 6P. The issue is an information-disclosure vulnerability that allows a crafted Android application to obtain sensitive data due to flaws in the SPMI driver. Impact is described as partial confident...
CVE-2016-3898
CVE-2016-3898 affects Android Telephony: a crafted application can modify TTY mode by broadcasting an intent, triggering a denial of service that disrupts locked-screen 911 TTY functionality. Affected versions include Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 ...
CVE-2016-3901
CVE-2016-3901 affects the Qualcomm cryptographic engine driver (drivers/crypto/msm/qcedev.c) in Android. It describes multiple integer overflows that enable a local privilege escalation via a crafted application on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices. Root cause is integer overfl...
CVE-2016-3903
CVE-2016-3903 is a vulnerability in the Qualcomm camera driver (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c) affecting Android on Nexus 5, 5X, 6, 6P and Android One, prior to the Oct 5, 2016 patch. The connected CNVD entry notes an integer overflow in the Qualcomm camera driver, w...
CVE-2016-3917
CVE-2016-3917 affects Android fingerprint login on 6.0.1 and 7.0 before 2016-10-01. The root cause is that the fingerprint authentication process does not track the active user, allowing a physically proximate attacker with lockscreen access to authenticate as another user. Exploitation is local;...
CVE-2016-3920
CVE-2016-3920 affects Android Mediaserver (libstagefright) via id3/ID3.cpp. A crafted file could cause a denial of service (device hang or reboot) in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01. Connected sources confirm the issue and note that...
CVE-2016-3939
CVE-2016-3939 affects the Qualcomm video driver (drivers/video/msm/mdss/mdss_debug.c) in Android on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices. Root cause is in the Qualcomm mdss_debug path that allows a crafted application to gain privileges locally. Public details indicate an elevatio...
CVE-2016-5341
CVE-2016-5341 : Denial-of-service in the Android GPS component caused by spoofed xtra.bin/xtra2.bin files. The issue affects Android GPS logic prior to 2016-12-05, allowing a remote attacker (via a spoofed Qualcomm hosting domain) to trigger GPS signal-acquisition delays, potentially causing devi...
CVE-2016-6681
CVE-2016-6681 describes an information disclosure vulnerability in the Qualcomm QDSP6v2 driver (drivers/misc/qcom/qdsp6v2/audio_utils.c) on Android devices prior to 2016-10-05, affecting Nexus 5X, Nexus 6P, and Android One. The issue stems from not initializing certain data structures, allowing a...
CVE-2016-6687
CVE-2016-6687 is an information-disclosure vulnerability in the NVIDIA profiler on Android devices (Nexus 9) prior to the 2016-10-05 patch level. A crafted application could allow a local attacker to access sensitive information via the profiler. The connected NVIDIA bulletin notes that the patch...
CVE-2016-6720
CVE-2016-6720 is an information-disclosure vulnerability in libstagefright within Mediaserver on Android. A local malicious application could access data outside its permissions by exploiting Mediaserver’s handling of media processing. Affected Android versions include 4.x before 4.4.4, 5.0.x bef...
CVE-2016-6721
The CVE-2016-6721 entry concerns an information-disclosure vulnerability in Mediaserver on Android 6.x (before 2016-11-01) and 7.0 (before 2016-11-01). A local malicious application could access data outside its permission granularity due to Mediaserver processing of media files. The issue is lis...
CVE-2016-6736
CVE-2016-6736 is an elevation-of-privilege vulnerability in the NVIDIA GPU driver on Android, allowing a local malicious app to run code in the kernel context. Affected: Android devices with the NVIDIA GPU driver prior to the 2016-11-05 patch; impact is rated Critical (potential local permanent d...
CVE-2016-6748
CVE-2016-6748 describes an information-disclosure vulnerability in Qualcomm components used in Android (GPU driver, power driver, SMSM Point-to-Point driver, and sound driver). The flaw could allow a local malicious app to access data outside its permissions, with impact described as information ...
CVE-2016-6751
CVE-2016-6751 describes an information-disclosure vulnerability in Qualcomm components used by Android (GPU driver, power driver, SMSM Point-to-Point driver, and sound driver) where a local malicious app could access data outside its permissions. The root cause is information exposure within thes...
CVE-2016-6752
CVE-2016-6752: An information-disclosure vulnerability in Qualcomm components (GPU driver, power driver, SMSM Point-to-Point driver, and sound driver) in Android prior to 2016-11-05 can allow a local malicious app to access data outside its permissions after compromising a privileged process. Aff...
CVE-2016-8482
CVE-2016-8482 is documented as an elevation of privilege in the NVIDIA GPU driver affecting Android kernels. The available details indicate a memory handling issue (referencing memory after it has been freed) in the NVIDIA Tegra kernel/driver components, leading to potential privilege escalation ...