8153 matches found
CVE-2017-0546
Concrete details found in connected documents: CVE-2017-0546 is described as an elevation of privilege vulnerability in Android's SurfaceFlinger. Affected product is Android, with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 identified in the CNVD entry. The CNVD/CVE records indicate a lo...
CVE-2017-0618
CVE-2017-0618 is an elevation-of-privilege vulnerability in the MediaTek command queue driver that could allow a local malicious app to execute arbitrary code in the kernel context on Android. The issue requires compromising a privileged process first and is rated High. Affected component: MediaT...
CVE-2017-0751
CVE-2017-0751 is a local elevation-of-privilege vulnerability in the Qualcomm QCE driver affecting Android kernel. Affected component: QCE driver within the Android platform; vulnerable code path enables a privileged escalation. Exploitation status is not detailed in the provided documents. The v...
CVE-2017-0851
The CVE-2017-0851 entry describes an information-disclosure vulnerability in Android's media framework (libhevc). Affected are Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The issue is a information disclosure (confidentiality impact) vulnerability in the Media framework...
CVE-2017-0853
CVE-2017-0853 is an information-disclosure vulnerability in Android’s Media framework affecting 7.0, 7.1.1, 7.1.2 and 8.0 on Pixel/Nexus devices. Connected CNVD entry confirms a Media framework information-disclosure issue; Pixel bulletin explicitly lists CVE-2017-0853 in the Media framework with...
CVE-2017-11045
CVE-2017-11045 affects the Android camera stack (Android for MSM / CAF Linux kernel) in the camera driver function, where a race condition can lead to a Use-After-Free. The vulnerability is localized and impacts components related to Qualcomm/Camera in affected Android builds; CVSS scores indicat...
CVE-2017-11058
CVE-2017-11058 affects Android on MSM/Qualcomm WLAN (cfg80211 vendor command handling). The issue is a buffer over-read in the WLAN driver, prompting potential information disclosure (confidentiality impact). Affected firmware, per Pixel/Nexus security bulletin, was addressed by the 2017-11-05 pa...
CVE-2017-11066
CVE-2017-11066 affects Android on MSM platforms (Android for MSM, Firefox OS for MSM, QRD Android) with CAF Linux kernel; during ubi image flashing, an uninitialized memory region could be accessed. Connected records corroborate this description. The provided documents do not include explicit exp...
CVE-2017-11078
CVE-2017-11078 describes an out-of-bounds read in the boot image header processing for CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android with the Linux kernel). The issue is a local memory/read fault in the boot component, with CVSS scores indicating moderate to high impact acr...
CVE-2017-13170
CVE-2017-13170 is an elevation of privilege in the MediaTek display driver used by Android. The issue affects the Android kernel via the MediaTek display driver component and is described as a local EoP vulnerability with potential to gain privileged execution. The Android 2017-12-01/2017-12-05 s...
CVE-2017-13198
CVE-2017-13198 affects the Android media framework (ex) and is linked to the composition of frames lacking a color map. Affected versions are Android 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The vulnerability is described as a DoS risk with impact on availability (per NVD metrics: HIGH) and is categorize...
CVE-2017-13202
CVE-2017-13202 is an information-disclosure vulnerability in Android’s media framework component libeffects . Affects Android releases listed in the entry: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The connected documents consistently describe the issue as a libeffects information-disclosur...
CVE-2017-13225
CVE-2017-13225 describes a heap buffer overflow in MTK Media (MTK MTK Media) within libMtkOmxVdec.so that could enable local elevation of privilege and code execution in a privileged Android process. Exploitation is described as requiring user interaction, with the impact stated as remote-like pr...
CVE-2017-13301
CVE-2017-13301 is a DoS in Android 8.0’s system UI (Android system UI). The available connected sources indicate this affects Pixel/Nexus devices (Android 8.0) and is categorized as DoS in the Android System UI component, with a moderate severity patch path in the Pixel/ Nexus security bulletin s...
CVE-2017-14870
CVE-2017-14870 affects Android for MSM/CAF Linux-based Android (Android builds using CAF), specifically involving 1088 bytes of stack memory leakage during eMMC recovery message updates. The vulnerability is categorized as information disclosure with partial confidentiality impact and could be ex...
CVE-2017-14875
CVE-2017-14875 describes a heap overread in the ioctl handler VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE used by Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-05-23. The provided documents name the affected environments and the general vulnerability class but do not provide further root...
CVE-2017-14892
CVE-2017-14892 affects Android for MSM, Firefox OS for MSM, and QRD Android builds prior to 2017-09-19. The issue stems from not properly validating the return value of q6asm_open_shared_io() in msm_pcm_hw_params(), which can lead to a dangling pointer access. The available sources describe the v...
CVE-2017-14894
CVE-2017-14894 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF with the Linux kernel prior to the 2018-04-05 patch level. In wma_vdev_start_resp_handler(), the vdev_id received from firmware can exceed the maximum BSSID stored in wma_handle->interfaces, l...
CVE-2017-15829
CVE-2017-15829 is a Qualcomm Graphics_Linux component vulnerability reported as a race condition in the GPU driver that can lead to a Use-After-Free. The issue is listed as Elevation of Privilege (EoP) and is associated with Qualcomm’s graphics stack on CAF Android builds using the Linux kernel. ...
CVE-2017-15850
CVE-2017-15850 affects Android for MSM, Firefox OS for MSM, and QRD Android on CAF builds using the Linux kernel; described impact is that userspace can read values from audio codec registers. The connected documents do not provide concrete root-cause details or a remediation/fix. No exploitation...
CVE-2017-15857
CVE-2017-15857 is an out-of-bounds access vulnerability in the camera driver of Android CFAs (Android for MSM, Firefox OS for MSM, QRD Android) linked to an error when copying region params from user space in the Linux kernel. Affected product area: camera subsystem/kernell driver in Android rele...
CVE-2017-15862
CVE-2017-15862 is a Qualcomm WLAN vulnerability reported across Android CAF/Linux kernel builds. The issue arises in the function wma_unified_link_radio_stats_event_handler(), where the firmware-provided count of radio channels is not properly validated, potentially triggering an integer overflow...
CVE-2017-18061
CVE-2017-18061 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel. The vulnerability stems from a potential buffer overflow when processing an AOA (Android Open Accessory) measurement event from WIGIG firmware in wil_aoa_evt_meas(), with Wil6210 as the rela...
CVE-2017-18063
CVE-2017-18063 affects Android for MSM (CAF Linux kernel) with WLAN firmware; the issue is improper input validation for nlo_event in wma_nlo_match_evt_handler(), which can cause out-of-bounds memory access. Affected products are Android builds for MSM/CAF and related devices using the Linux kern...
CVE-2017-8243
CVE-2017-8243 is documented with concrete details in connected sources: it affects Qualcomm components, specifically the SoC driver, categorized as Elevation of Privilege (EoP) with a Moderate impact. The root cause is a buffer overflow that can occur when processing a firmware image file. Public...
CVE-2017-8273
CVE-2017-8273: In Qualcomm CAF Android builds, a buffer overflow can occur while processing the fastboot boot command when verified boot is disabled, if the command length exceeds the boot image buffer. This affects the bootloader component and is described with a high-severity, local attack surf...
CVE-2017-9689
CVE-2017-9689 is linked to stack memory corruption via HDMI CEC in the Qualcomm HDMI driver, affecting Android for MSM and related CAF/Linux-based builds. Connected sources corroborate the issue across Android for MSM, Firefox OS for MSM, and QRD Android, with the HDMI driver listed as the compon...
CVE-2017-9710
CVE-2017-9710 is described as a buffer overflow in the IOCTL path used to send QMI NOTIFY REQ messages in Android for MSM, Firefox OS for MSM, and CAF Android builds using the Linux kernel. The root cause is that the IOCTL interface can be invoked from multiple contexts, enabling a buffer overflo...
CVE-2017-9718
Technical details for CVE-2017-9718 are not publicly available in the provided connected documents. The description mentions a race condition in a multimedia driver but does not specify affected products, versions, root cause, or fixes. Monitor for updates.
CVE-2017-9719
CVE-2017-9719 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel with the MDSS HDMI CEC kernel driver. The issue is a buffer overflow in HDMI CEC parsing when the frame size is out of range, potentially enabling local code execution with high impact on conf...
CVE-2018-11265
CVE-2018-11265 concerns a buffer overflow in Qualcomm MProc when Android CAF/Linux kernel handles log_buf with a uint64_t; the log_buf pointer may access memory beyond bounds when incremented in memcpy. Multiple sources (NVD entry and CNVD/PRION-style mappings) associate this with Android on Pixe...
CVE-2018-11266
CVE-2018-11266 affects Android builds (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. The root cause is improper input validation that can allow access to already freed dci client entries when closing a dci client. Public details in NVD/CVE records indicate a l...
CVE-2018-11281
CVE-2018-11281 describes a use-after-free condition in CAF-based Android variants (Android for MSM, Firefox OS for MSM, QRD Android) due to unsafe handling of IPA_IOC_MDFY_RT_RULE IOCTL header entries. If called for entries that were previously deleted, the header is used without proper validatio...
CVE-2018-11302
CVE-2018-11302 corresponds to a WLAN buffer overflow issue described in Qualcomm CAF Android variants (Android for MSM, Firefox OS for MSM, QRD Android) where input from userspace could be copied into a kernel buffer without proper validation. The CVE is listed under the Qualcomm component mappin...
CVE-2018-11868
CVE-2018-11868 describes a buffer overflow in the nan response event handler due to lack of length validation for values received from firmware. The issue affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) derived from CAF using the Linux kernel, with the root cause being...
CVE-2018-11897
The CVE-2018-11897 entry concerns CAF Android/Linux kernel WLAN code. Affected: Android releases (Android for MSM, Firefox OS for MSM, QRD Android) using CAF’s Linux kernel. The issue occurs while processing a diag event after connecting to a network, where an out-of-bounds read can occur if the ...
CVE-2018-21041
CVE-2018-21041 affects Samsung mobile devices running O(8.x). The issue allows access to the Gallery inside the Secure Folder without authentication. The vulnerability is rooted in the Secure Folder access flow (exact root cause not detailed in the provided documents). Impact is elevated: unautho...
CVE-2018-21051
The CVE-2018-21051 entry concerns Samsung mobile devices with Exynos N(7.x) and O(8.x) software, where an invalid free in the fingerprint Trustlet can lead to arbitrary code execution. The vulnerability is supported by multiple connected records (e.g., NVD, Red Hat, CNVD) that describe the same i...
CVE-2018-21071
Technical details about CVE-2018-21071 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories for affected products and remediation.
CVE-2018-3560
CVE-2018-3560 describes a double-free in the Android sound path. Affected products include Android for MSM, Firefox OS for MSM, and QRD Android with CAF Linux-kernel branches. The root cause is a double-free in the Audio Driver when opening a sound compression device, leading to potential misuse ...
CVE-2018-3565
CVE-2018-3565 affects Qualcomm WLAN/CAF Android devices where lim_send_sme_probe_req_ind() in the WLAN stack of the Linux kernel can overflow a buffer during probe request indication. The issue is documented across multiple sources as a buffer overflow in the Android CAF/Linux kernel path used fo...
CVE-2018-3579
The CVE-2018-3579 issue affects the WLAN driver in CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android) that use the Linux kernel. The root cause is that event->num_entries_in_page, a value received from firmware, is not properly validated, which can lead to a buffer over-read...
CVE-2018-3584
CVE-2018-3584 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds (CAF) with Linux kernels older than the 2018-04-05 patch level. The issue is a Use After Free in rmnet_usb_ctrl_init(), impacting the rmnet_usb component. In the NVD entry, CVSS v3.0 is 7.5 (HIGH) with netw...
CVE-2018-3596
CVE-2018-3596 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds that use CAF Android with the Linux kernel versions prior to the 2018-04-05 patch level. The vulnerability stems from legacy code that remained vulnerable after migration, with the note that this legacy cod...
CVE-2018-3597
CVE-2018-3597 affects the ADSP RPC driver in Android CAF builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). Before the 2018-06-05 security patch level, this issue could allow an arbitrary kernel write via a local attack on vulnerable devices. The CVSS metrics in the...
CVE-2018-5826
CVE-2018-5826 describes a race condition leading to a Use-After-Free in the Qualcomm WLAN driver (qcacld-3.0 HDD driver) affecting Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android on CAF builds with Linux kernels before the 2018-04-05 patch level. The root cause is a race in the WLAN...
CVE-2018-5853
CVE-2018-5853 describes a race condition in a driver used by CAF Android for MSM (Linux kernel variants) including Android for MSM, Firefox OS for MSM, and QRD Android. The issue potentially leads to a use-after-free condition. Impact details in the provided sources indicate local attack requirem...
CVE-2018-5919
CVE-2018-5919 affects the Qualcomm QCACLD-2.0 WLAN host driver in Android CAF/Linux kernels (Android for MSM, QRD Android). The issue is a use-after-free in the WLAN host driver that can cause the device to reboot. Public remediation references include a CodeAurora patch (commit 81a80c9973833f7cd...
CVE-2018-9454
CVE-2018-9454 affects Android (Android 6.0–8.1). Root cause: in bnep_data_ind of bnep_main.cc, a missing bounds check allows an out-of-bounds read, leading to possible local information disclosure without extra privileges. Impact is information disclosure; exploitation requires local access and d...
CVE-2018-9476
CVE-2018-9476 affects Android 8.0–8.1 via the Bluetooth stack: avrc_pars_browsing_cmd in avrc_pars_tg.cc, where a use-after-free caused by improper locking can enable remote privilege escalation with no user interaction. Exploitation is described as remote, with no additional execution privileges...