8153 matches found
CVE-2017-13170
CVE-2017-13170 is an elevation of privilege in the MediaTek display driver used by Android. The issue affects the Android kernel via the MediaTek display driver component and is described as a local EoP vulnerability with potential to gain privileged execution. The Android 2017-12-01/2017-12-05 s...
CVE-2017-13198
CVE-2017-13198 affects the Android media framework (ex) and is linked to the composition of frames lacking a color map. Affected versions are Android 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The vulnerability is described as a DoS risk with impact on availability (per NVD metrics: HIGH) and is categorize...
CVE-2017-13200
CVE-2017-13200 is an information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. The consolidating sources identify the affected Android versions as 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The vulnerability is classified as ID (information disclosure) with ...
CVE-2017-13201
CVE-2017-13201 is an information-disclosure vulnerability in Android’s media framework (mediadrm). Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The Pixel/Nexus security bulletin groups this under Media framework and marks it as Moderate severity, with CVSS...
CVE-2017-13202
CVE-2017-13202 is an information-disclosure vulnerability in Android’s media framework component libeffects . Affects Android releases listed in the entry: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The connected documents consistently describe the issue as a libeffects information-disclosur...
CVE-2017-13203
CVE-2017-13203 is a disclosed vulnerability in the Android media framework (libavc) that enables information disclosure. Affected products/versions: Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Root cause is in libavc within the Media framework; CVSS details indicate Confidentiality impact HIGH (or PARTI...
CVE-2017-13207
CVE-2017-13207 is an information-disclosure vulnerability in Android’s Media Framework (stagefright mpeg4writer) affecting Android 7.0, 7.1.1, 7.1.2 and 8.0. The issue is documented by NVD and reflected in the Pixel/Nexus bulletin under the Media framework. Affected component: stagefright mpeg4wr...
CVE-2017-13225
CVE-2017-13225 describes a heap buffer overflow in MTK Media (MTK MTK Media) within libMtkOmxVdec.so that could enable local elevation of privilege and code execution in a privileged Android process. Exploitation is described as requiring user interaction, with the impact stated as remote-like pr...
CVE-2017-13241
CVE-2017-13241 is an information-disclosure vulnerability in the Android media framework component libstagefright_soft_avcenc . Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The connected sources confirm the issue is an information disclosure vulnerability ...
CVE-2017-14870
CVE-2017-14870 affects Android for MSM/CAF Linux-based Android (Android builds using CAF), specifically involving 1088 bytes of stack memory leakage during eMMC recovery message updates. The vulnerability is categorized as information disclosure with partial confidentiality impact and could be ex...
CVE-2017-14875
CVE-2017-14875 describes a heap overread in the ioctl handler VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE used by Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-05-23. The provided documents name the affected environments and the general vulnerability class but do not provide further root...
CVE-2017-14894
CVE-2017-14894 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF with the Linux kernel prior to the 2018-04-05 patch level. In wma_vdev_start_resp_handler(), the vdev_id received from firmware can exceed the maximum BSSID stored in wma_handle->interfaces, l...
CVE-2017-15829
CVE-2017-15829 is a Qualcomm Graphics_Linux component vulnerability reported as a race condition in the GPU driver that can lead to a Use-After-Free. The issue is listed as Elevation of Privilege (EoP) and is associated with Qualcomm’s graphics stack on CAF Android builds using the Linux kernel. ...
CVE-2017-15850
CVE-2017-15850 affects Android for MSM, Firefox OS for MSM, and QRD Android on CAF builds using the Linux kernel; described impact is that userspace can read values from audio codec registers. The connected documents do not provide concrete root-cause details or a remediation/fix. No exploitation...
CVE-2017-15857
CVE-2017-15857 is an out-of-bounds access vulnerability in the camera driver of Android CFAs (Android for MSM, Firefox OS for MSM, QRD Android) linked to an error when copying region params from user space in the Linux kernel. Affected product area: camera subsystem/kernell driver in Android rele...
CVE-2017-18063
CVE-2017-18063 affects Android for MSM (CAF Linux kernel) with WLAN firmware; the issue is improper input validation for nlo_event in wma_nlo_match_evt_handler(), which can cause out-of-bounds memory access. Affected products are Android builds for MSM/CAF and related devices using the Linux kern...
CVE-2017-8273
CVE-2017-8273: In Qualcomm CAF Android builds, a buffer overflow can occur while processing the fastboot boot command when verified boot is disabled, if the command length exceeds the boot image buffer. This affects the bootloader component and is described with a high-severity, local attack surf...
CVE-2017-9689
CVE-2017-9689 is linked to stack memory corruption via HDMI CEC in the Qualcomm HDMI driver, affecting Android for MSM and related CAF/Linux-based builds. Connected sources corroborate the issue across Android for MSM, Firefox OS for MSM, and QRD Android, with the HDMI driver listed as the compon...
CVE-2017-9710
CVE-2017-9710 is described as a buffer overflow in the IOCTL path used to send QMI NOTIFY REQ messages in Android for MSM, Firefox OS for MSM, and CAF Android builds using the Linux kernel. The root cause is that the IOCTL interface can be invoked from multiple contexts, enabling a buffer overflo...
CVE-2017-9718
Technical details for CVE-2017-9718 are not publicly available in the provided connected documents. The description mentions a race condition in a multimedia driver but does not specify affected products, versions, root cause, or fixes. Monitor for updates.
CVE-2017-9719
CVE-2017-9719 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel with the MDSS HDMI CEC kernel driver. The issue is a buffer overflow in HDMI CEC parsing when the frame size is out of range, potentially enabling local code execution with high impact on conf...
CVE-2018-11265
CVE-2018-11265 concerns a buffer overflow in Qualcomm MProc when Android CAF/Linux kernel handles log_buf with a uint64_t; the log_buf pointer may access memory beyond bounds when incremented in memcpy. Multiple sources (NVD entry and CNVD/PRION-style mappings) associate this with Android on Pixe...
CVE-2018-11266
CVE-2018-11266 affects Android builds (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. The root cause is improper input validation that can allow access to already freed dci client entries when closing a dci client. Public details in NVD/CVE records indicate a l...
CVE-2018-11281
CVE-2018-11281 describes a use-after-free condition in CAF-based Android variants (Android for MSM, Firefox OS for MSM, QRD Android) due to unsafe handling of IPA_IOC_MDFY_RT_RULE IOCTL header entries. If called for entries that were previously deleted, the header is used without proper validatio...
CVE-2018-11302
CVE-2018-11302 corresponds to a WLAN buffer overflow issue described in Qualcomm CAF Android variants (Android for MSM, Firefox OS for MSM, QRD Android) where input from userspace could be copied into a kernel buffer without proper validation. The CVE is listed under the Qualcomm component mappin...
CVE-2018-11868
CVE-2018-11868 describes a buffer overflow in the nan response event handler due to lack of length validation for values received from firmware. The issue affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) derived from CAF using the Linux kernel, with the root cause being...
CVE-2018-11897
The CVE-2018-11897 entry concerns CAF Android/Linux kernel WLAN code. Affected: Android releases (Android for MSM, Firefox OS for MSM, QRD Android) using CAF’s Linux kernel. The issue occurs while processing a diag event after connecting to a network, where an out-of-bounds read can occur if the ...
CVE-2018-14982
According to CNVD-2020-28452, CVE-2018-14982 affects LG devices based on Android 6.0–8.1, with the GNSS application performing incorrect access control. The root cause is described as an access-control flaw that could let a remote attacker gain access to the GNSS app. The connected sources indica...
CVE-2018-21041
CVE-2018-21041 affects Samsung mobile devices running O(8.x). The issue allows access to the Gallery inside the Secure Folder without authentication. The vulnerability is rooted in the Secure Folder access flow (exact root cause not detailed in the provided documents). Impact is elevated: unautho...
CVE-2018-21044
CVE-2018-21044 affects Samsung mobile devices running N(7.x) and O(8.0). The issue is a buffer overflow in the sem Trustlet that can lead to arbitrary TEE code execution. Samsung IDs: SVE-2018-13230/13231/13232/13233. Connected sources confirm the fault and indicate a Samsung security update refe...
CVE-2018-21062
The CVE-2018-21062 entry covers Samsung mobile devices running N(7.x) and O(8.x). The vulnerability allows an attacker to view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder by connecting an external device when biometric authentication is disabled. The underlying impact is...
CVE-2018-21071
Technical details about CVE-2018-21071 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories for affected products and remediation.
CVE-2018-21079
CVE-2018-21079 affects Samsung mobile devices on L/M/N/O releases, with a kernel pointer leak in the USB gadget driver (SVE-2017-10993). The Red Hat and CNVD entries corroborate the issue as described, but the connected documents do not provide specific affected component versions beyond the gene...
CVE-2018-21085
CVE-2018-21085 affects Samsung mobile devices running L(5.x), M(6.0), and N(7.x) with a race condition leading to use-after-free in the vnswap_deinit_backing_storage path. The issue is documented under Samsung’s SVE-2017-11176 identity; no remediation details are provided in the connected sources...
CVE-2018-21092
CVE-2018-21092 affects Samsung mobile devices running M(6.x) and N(7.x). A crafted AT command can be delivered via an NFC tag by the DeviceTest application, leading to potential issue exposure on affected devices. The Red Hat/NVD entries reiterate the same description; no explicit exploitation de...
CVE-2018-3560
CVE-2018-3560 describes a double-free in the Android sound path. Affected products include Android for MSM, Firefox OS for MSM, and QRD Android with CAF Linux-kernel branches. The root cause is a double-free in the Audio Driver when opening a sound compression device, leading to potential misuse ...
CVE-2018-3565
CVE-2018-3565 affects Qualcomm WLAN/CAF Android devices where lim_send_sme_probe_req_ind() in the WLAN stack of the Linux kernel can overflow a buffer during probe request indication. The issue is documented across multiple sources as a buffer overflow in the Android CAF/Linux kernel path used fo...
CVE-2018-3579
The CVE-2018-3579 issue affects the WLAN driver in CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android) that use the Linux kernel. The root cause is that event->num_entries_in_page, a value received from firmware, is not properly validated, which can lead to a buffer over-read...
CVE-2018-3584
CVE-2018-3584 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds (CAF) with Linux kernels older than the 2018-04-05 patch level. The issue is a Use After Free in rmnet_usb_ctrl_init(), impacting the rmnet_usb component. In the NVD entry, CVSS v3.0 is 7.5 (HIGH) with netw...
CVE-2018-3596
CVE-2018-3596 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds that use CAF Android with the Linux kernel versions prior to the 2018-04-05 patch level. The vulnerability stems from legacy code that remained vulnerable after migration, with the note that this legacy cod...
CVE-2018-5826
CVE-2018-5826 describes a race condition leading to a Use-After-Free in the Qualcomm WLAN driver (qcacld-3.0 HDD driver) affecting Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android on CAF builds with Linux kernels before the 2018-04-05 patch level. The root cause is a race in the WLAN...
CVE-2018-5853
CVE-2018-5853 describes a race condition in a driver used by CAF Android for MSM (Linux kernel variants) including Android for MSM, Firefox OS for MSM, and QRD Android. The issue potentially leads to a use-after-free condition. Impact details in the provided sources indicate local attack requirem...
CVE-2018-5919
CVE-2018-5919 affects the Qualcomm QCACLD-2.0 WLAN host driver in Android CAF/Linux kernels (Android for MSM, QRD Android). The issue is a use-after-free in the WLAN host driver that can cause the device to reboot. Public remediation references include a CodeAurora patch (commit 81a80c9973833f7cd...
CVE-2018-9358
CVE-2018-9358 describes an out-of-bounds read in Bluetooth code path: in gatts_process_attribute_req (gatt_sc.cc), a missing bounds check can read uninitialized data, enabling remote information disclosure in the Bluetooth process without extra privileges and with no user interaction. Affected: A...
CVE-2018-9362
CVE-2018-9362 affects Android where InboundSmsHandler.java's processMessagePart has improper input validation, enabling remote denial of service with no privileges and no user interaction. Affected products include Android 6.x through 8.1. The connected documents confirm a DoS impact but do not p...
CVE-2018-9448
CVE-2018-9448 affects Android 8.0 and 8.1, with a vulnerability in avct_bcb_msg_ind (avct_bcb_act.cc) caused by a missing bounds check that could enable remote information disclosure without user interaction or additional privileges. The issue is categorized as an information-disclosure risk (no ...
CVE-2018-9454
CVE-2018-9454 affects Android (Android 6.0–8.1). Root cause: in bnep_data_ind of bnep_main.cc, a missing bounds check allows an out-of-bounds read, leading to possible local information disclosure without extra privileges. Impact is information disclosure; exploitation requires local access and d...
CVE-2018-9476
CVE-2018-9476 affects Android 8.0–8.1 via the Bluetooth stack: avrc_pars_browsing_cmd in avrc_pars_tg.cc, where a use-after-free caused by improper locking can enable remote privilege escalation with no user interaction. Exploitation is described as remote, with no additional execution privileges...
CVE-2018-9503
The CVE-2018-9503 entry describes an out-of-bounds read in rfc_process_mx_message() within rfc_ts_frames.cc, leading to remote information disclosure without requiring privileges or user interaction. Affected software includes Android versions 7.0 through 9.0. The vulnerability’s root cause is a ...
CVE-2018-9514
CVE-2018-9514 is a kernel vulnerability affecting Android devices, caused by a Use After Free in sdcardfs_open (file.c) that could enable local escalation of privilege without user interaction. The issue is within the Android kernel and is listed in the 2018-10 Android security bulletin; patch gu...