8153 matches found
CVE-2016-3929
CVE-2016-3929 is a Qualcomm component elevation/privilege issue in Android on Nexus 5X and 6P, caused by internal bug 28823675. Affected: Qualcomm components in Android prior to the 2016-10-05 patch. Severity: High (NVD CVSS v2/v3 show 9.8–10.0). Remediation: Android 2016-10-01/10-05 patch levels...
CVE-2016-6674
CVE-2016-6674 is an elevation-of-privilege vulnerability in Android's system_server on Nexus devices (pre-2016-10-05) that lets a crafted application gain privileges due to internal bug 30445380. The issue enables privilege escalation to a privileged context within the system_server, with potenti...
CVE-2016-6681
CVE-2016-6681 describes an information disclosure vulnerability in the Qualcomm QDSP6v2 driver (drivers/misc/qcom/qdsp6v2/audio_utils.c) on Android devices prior to 2016-10-05, affecting Nexus 5X, Nexus 6P, and Android One. The issue stems from not initializing certain data structures, allowing a...
CVE-2016-6682
CVE-2016-6682 affects the Qualcomm QDSP6v2 driver: drivers/misc/qcom/qdsp6v2/audio_utils.c in Android on Nexus 5X, Nexus 6P, and Android One devices before 2016-10-05. Root cause: the code path fails to initialize certain data structures, enabling an attacker to obtain sensitive information via a...
CVE-2016-6684
CVE-2016-6684 is documented in the 2016-10-01/10-05 Android vulnerability details as an Information disclosure vulnerability in kernel components. The CVE is associated with Android kernel components (internal bug 30148243) and affects Nexus devices including Nexus 5, 5X, 6, 6P, 9, Nexus Player, ...
CVE-2016-6691
CVE-2016-6691 affects the Qualcomm Wi-Fi gbk2utf module in Android. The vulnerability allows remote attackers to cause a denial of service (framework crash) or potentially other unspecified impact by connecting to an AP presenting a malformed GBK-encoded SSID, due to improper handling in service/...
CVE-2016-6698
CV E-2016-6698 describes a local information-disclosure vulnerability in Qualcomm components used in Android (GPU driver, power driver, SMSM Point-to-Point driver, and sound driver) present in Android builds before 2016-11-05. The issue could allow a local malicious application to access data out...
CVE-2016-6713
CVE-2016-6713 describes a remote denial-of-service vulnerability in Android’s Mediaserver. A specially crafted file could cause a device hang or reboot on Android 6.x (before 2016-11-01) and 7.0 (before 2016-11-01). The issue is categorized as High/Medium depending on source, due to the remote im...
CVE-2016-7990
Samsung Galaxy S4–S7 are affected by an integer overflow in libomacp.so while parsing OMACP/WAP Push SMS messages, causing heap corruption with potential denial of service and remote code execution (as part of SVE-2016-6542). The vulnerability affects the OMACP parsing path and is documented in C...
CVE-2017-0431
CVE-2017-0431 is described as an elevation-of-privilege vulnerability affecting Qualcomm closed-source components within Android kernel space. The details indicate a Qualcomm AMSS/Qualcomm component issue with Android IDs and a vendor-internal severity (listed as Critical for the Qualcomm-related...
CVE-2017-13200
CVE-2017-13200 is an information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. The consolidating sources identify the affected Android versions as 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The vulnerability is classified as ID (information disclosure) with ...
CVE-2017-13201
CVE-2017-13201 is an information-disclosure vulnerability in Android’s media framework (mediadrm). Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The Pixel/Nexus security bulletin groups this under Media framework and marks it as Moderate severity, with CVSS...
CVE-2017-13203
CVE-2017-13203 is a disclosed vulnerability in the Android media framework (libavc) that enables information disclosure. Affected products/versions: Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Root cause is in libavc within the Media framework; CVSS details indicate Confidentiality impact HIGH (or PARTI...
CVE-2017-13207
CVE-2017-13207 is an information-disclosure vulnerability in Android’s Media Framework (stagefright mpeg4writer) affecting Android 7.0, 7.1.1, 7.1.2 and 8.0. The issue is documented by NVD and reflected in the Pixel/Nexus bulletin under the Media framework. Affected component: stagefright mpeg4wr...
CVE-2017-13219
CVE-2017-13219 affects the Android kernel Synaptics touchscreen controller. Connected sources identify a denial-of-service flaw in the Upstream kernel’s Synaptics touchscreen component, exploitable on Android devices (e.g., Pixel/Nexus context). The vulnerability is a DoS with potential impact on...
CVE-2017-13241
CVE-2017-13241 is an information-disclosure vulnerability in the Android media framework component libstagefright_soft_avcenc . Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The connected sources confirm the issue is an information disclosure vulnerability ...
CVE-2017-14870
CVE-2017-14870 affects Android for MSM/CAF Linux-based Android (Android builds using CAF), specifically involving 1088 bytes of stack memory leakage during eMMC recovery message updates. The vulnerability is categorized as information disclosure with partial confidentiality impact and could be ex...
CVE-2017-14914
CVE-2017-14914 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel. The issue arises when handles in the global client structure can become stale, per the NVD description. CVSS: 3.0/3.0 vector indicates Network attack, no user interaction, with High/CRITICAL...
CVE-2017-15844
CVE-2017-15844 affects CAF Android builds using the Linux kernel. During processing of the function that writes device values into flash, uninitialized memory can be written to flash. This can lead to information disclosure (CONFIDENTIALITY impact) with a local attacker, no user interaction requi...
CVE-2017-15845
CVE-2017-15845 affects Android/CAF Qualcomm WLAN stack (Android for MSM, Firefox OS for MSM, QRD Android) with the Linux kernel, where an invalid (negative) user-space firmware size input during WLAN cal data store can cause memory leak or a buffer overflow. The root cause is a negative firmware ...
CVE-2017-15847
CVE-2017-15847. A race condition in the SPCom kernel driver on Android for MSM (CAF Linux kernel lineage) during channel creation. Affected: Android variants using CAF/Linux kernel with SPCom. Impact per NVD: partial confidentiality/integrity/availability impact; CVSSv3 base score 7.0 (HIGH), LOC...
CVE-2017-15854
CVE-2017-15854 concerns a local vulnerability in Qualcomm WLAN firmware used on Android CAF builds (Android for MSM, Firefox OS for MSM, QRD Android). The issue arises when fix_param->num_chans from firmware is too large, causing an integer overflow in wma_radio_chan_stats_event_handler() for ...
CVE-2017-18063
CVE-2017-18063 affects Android for MSM (CAF Linux kernel) with WLAN firmware; the issue is improper input validation for nlo_event in wma_nlo_match_evt_handler(), which can cause out-of-bounds memory access. Affected products are Android builds for MSM/CAF and related devices using the Linux kern...
CVE-2017-18691
Samsung mobile devices with Exynos8890 (M6.0 and N7.0) are affected by multiple buffer overflows in TSP sysfs cmd_store. Root cause: unsafe handling in TSP sysfs cmd_store leading to buffer overflows. Impact: described as buffer overflows with high/critical severity (CVSS v3.1: 9.8; network acces...
CVE-2017-6263
NVIDIA driver on Android contains a use-after-free vulnerability caused by improper use of the list_for_each kernel macro, potentially enabling local code execution and privilege escalation. Severity is high; exploitation is local and requires no user interaction per the provided data. The issue ...
CVE-2017-9717
CVE-2017-9717 affects Android for MSM, Firefox OS for MSM, and QRD Android builds based on CAF Linux kernel, where Netlink attribute parsing can trigger a buffer overread in WLAN-related code. The vulnerability is described across multiple sources as a buffer overread that may impact confidential...
CVE-2018-11274
CVE-2018-11274 is documented in the Pixel Security Bulletin under Qualcomm components (Audio). The entry classifies it as a moderate-impact audio buffer overflow affecting Qualcomm Audio; no exploitation details are provided in the supplied documents. The bulletin notes security patch levels of 2...
CVE-2018-11278
CVE-2018-11278 affects CAF Venus HW in Android for MSM, Firefox OS for MSM, and QRD Android builds. The vulnerability occurs when Venus HW decodes input bit stream buffers: it searches for a start code, and if the start code is not found in the entire buffer, the implementation may over-fetch bey...
CVE-2018-11300
CVE-2018-11300 affects Qualcomm WLAN Host in CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) where a callback from a worker thread frees memory still in use by the WLAN subsystem, creating a classic Use‑After‑Free condition. This can impact kernel-level security in devices...
CVE-2018-11832
CVE-2018-11832: A heap overflow in the PMIC function due to missing input-size validation affects CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android). Root cause: lack of input size validation before copying to a buffer. Impact: heap overflow as described in the CVE; exploitatio...
CVE-2018-11863
The CVE-2018-11863 issue affects Android variants built on CAF Linux kernel. The root cause is a missing input length check when processing firmware data to determine the length of the WMA roam synch buffer, which can lead to a buffer overwrite during memcpy. The vulnerability is categorized unde...
CVE-2018-11894
CVE-2018-11894 is listed in Qualcomm WLAN HOST components with High severity. The provided documents indicate the issue arises from an integer overflow while processing preferred network offload scan results, which may lead to a buffer overflow when a large frame length is received from the firmw...
CVE-2018-11984
CVE-2018-11984 affects Android releases based on CAF/Linux DIAG driver. A use-after-free and an out-of-bounds access in the DIAG driver can lead to a local, high-impact condition. The accompanying CVSS3 base score is 7.8 (HIGH); CVSS2 is 4.6 (MEDIUM). The provided documents do not include exploit...
CVE-2018-14982
According to CNVD-2020-28452, CVE-2018-14982 affects LG devices based on Android 6.0–8.1, with the GNSS application performing incorrect access control. The root cause is described as an access-control flaw that could let a remote attacker gain access to the GNSS app. The connected sources indica...
CVE-2018-21044
CVE-2018-21044 affects Samsung mobile devices running N(7.x) and O(8.0). The issue is a buffer overflow in the sem Trustlet that can lead to arbitrary TEE code execution. Samsung IDs: SVE-2018-13230/13231/13232/13233. Connected sources confirm the fault and indicate a Samsung security update refe...
CVE-2018-21048
CVE-2018-21048 affects Samsung mobile devices running O(8.x) software. The vulnerability manifests as a notification leak on a locked device when in Standalone Dex mode, linked to Samsung’s internal ID SVE-2018-12925. No specific affected models, firmware versions, root cause details, exploit vec...
CVE-2018-21051
The CVE-2018-21051 entry concerns Samsung mobile devices with Exynos N(7.x) and O(8.x) software, where an invalid free in the fingerprint Trustlet can lead to arbitrary code execution. The vulnerability is supported by multiple connected records (e.g., NVD, Red Hat, CNVD) that describe the same i...
CVE-2018-21056
CVE-2018-21056 affects Samsung mobile devices running O(8.x). The issue involves Smartwatch displaying Secure Folder Notification content, as described across multiple feeds (Samsung security advisory, Red Hat CVE page, NVD entry). The core impact is unintended disclosure of Secure Folder notific...
CVE-2018-21062
The CVE-2018-21062 entry covers Samsung mobile devices running N(7.x) and O(8.x). The vulnerability allows an attacker to view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder by connecting an external device when biometric authentication is disabled. The underlying impact is...
CVE-2018-21079
CVE-2018-21079 affects Samsung mobile devices on L/M/N/O releases, with a kernel pointer leak in the USB gadget driver (SVE-2017-10993). The Red Hat and CNVD entries corroborate the issue as described, but the connected documents do not provide specific affected component versions beyond the gene...
CVE-2018-21085
CVE-2018-21085 affects Samsung mobile devices running L(5.x), M(6.0), and N(7.x) with a race condition leading to use-after-free in the vnswap_deinit_backing_storage path. The issue is documented under Samsung’s SVE-2017-11176 identity; no remediation details are provided in the connected sources...
CVE-2018-21092
CVE-2018-21092 affects Samsung mobile devices running M(6.x) and N(7.x). A crafted AT command can be delivered via an NFC tag by the DeviceTest application, leading to potential issue exposure on affected devices. The Red Hat/NVD entries reiterate the same description; no explicit exploitation de...
CVE-2018-3568
CVE-2018-3568 is a WLAN buffer-overflow vulnerability reported in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds prior to the 2018-04-05 patch level. The issue occurs in __wlan_hdd_cfg80211_vendor_scan() and can lead to a buffer overwrite. Connected sources confirm the code ...
CVE-2018-5862
CVE-2018-5862 concerns Android CAF builds using the Linux kernel. In __wlan_hdd_cfg80211_vendor_scan(), when parsing SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES, a buffer overwrite can potentially occur in all Android releases before patch level 2018-07-05. CVSS data in the entry shows l...
CVE-2018-5897
CVE-2018-5897 affects Qualcomm diag in Android CAF/Linux kernel on Android for MSM, Firefox OS for MSM, and QRD Android. The issue stems from improper validation of len in dci_process_ctrl_status(), causing a buffer over-read that can disclose data (information disclosure). Public references indi...
CVE-2018-5898
CVE-2018-5898 describes an integer overflow in the function msm_pcm_adsp_stream_cmd_put() within CAF Android for MSM Linux kernel code before the 2018-06-05 patch level. If user-supplied param_length exceeds a limit, the issue can affect local confidentiality, integrity, and availability (high im...
CVE-2018-5907
The CVE-2018-5907 entry describes a vulnerability in the Qualcomm Audio DSP path: the function msm_adsp_stream_callback_put allows a buffer overflow due to insufficient input validation of user-provided data, leading to an integer overflow. Affected are Android for MSM, Firefox OS for MSM, and QR...
CVE-2018-6254
CVE-2018-6254 affects Android devices with NVIDIA Media Server prior to the 2018-05-05 patch level. The issue is an out-of-bounds read caused by improper input validation, enabling local information disclosure. The vulnerability is rated Moderate (CVSS v3 base score 3.3 / LOW) with Local access a...
CVE-2018-9358
CVE-2018-9358 describes an out-of-bounds read in Bluetooth code path: in gatts_process_attribute_req (gatt_sc.cc), a missing bounds check can read uninitialized data, enabling remote information disclosure in the Bluetooth process without extra privileges and with no user interaction. Affected: A...
CVE-2018-9362
CVE-2018-9362 affects Android where InboundSmsHandler.java's processMessagePart has improper input validation, enabling remote denial of service with no privileges and no user interaction. Affected products include Android 6.x through 8.1. The connected documents confirm a DoS impact but do not p...