8153 matches found
CVE-2014-9924
Technical details about CVE-2014-9924 are not provided in the supplied connected documents. Public information appears limited to a Signed to Unsigned Conversion Error in CAF Linux kernel. Monitor for updates.
CVE-2014-9936
CVE-2014-9936 describes a time-of-check time-of-use race condition in TrustZone used during authentication on Android devices that use CAF/Linux kernel. Connected sources indicate the issue affects Android releases prior to 7.0 in TrustZone authentication routines, implying a potential impact to ...
CVE-2014-9981
CVE-2014-9981 is reported as a Qualcomm component issue. The connected data indicate a buffer/overflow concern in the USB interface during boot for Qualcomm components used in Android CAF builds running the Linux kernel. The root cause is described as an insufficient overflow check in the USB int...
CVE-2015-3862
CVE-2015-3862 affects mediaserver in Android prior to 5.1.1 LMY48T, where processing of media data can crash the mediaserver, causing a denial of service. The primary description specifies an unspecified vector; the CVE entry is listed as a low-severity DoS in Mediaserver per Android bulletin det...
CVE-2015-3869
Affected software/impacted component: Android’s media processing stack, specifically libstagefright in versions prior to 5.1.1 LMY48T. Vulnerability: A crafted media file can trigger memory corruption in mediaserver, enabling remote code execution or a denial of service. Root cause as stated: mem...
CVE-2015-6611
The CVE-2015-6611 entry describes a vulnerability in Android’s mediaserver prior to 5.1.1 LMY48X and 6.0 before 2015-11-01 that allows remote attackers to obtain sensitive information and thereby bypass an unspecified protection mechanism. The issue is categorized as an information-disclosure vul...
CVE-2015-6642
CVE-2015-6642 is an information-disclosure vulnerability in the Android kernel that could allow a local attacker to obtain sensitive data and bypass a protection mechanism. Affected platforms include Android kernels prior to 5.1.1 LMY49F and before 2016-01-01 on 6.0. The primary impact is leakage...
CVE-2015-9002
This CVE concerns Google Android TrustZone, where a DRM routine in the TrustZone DRM path can suffer an out-of-range pointer offset (integer overflow) vulnerability. Connected CNVD entry explicitly states an integer overflow in the TrustZone DRM routine exists on Android, and that an attacker cou...
CVE-2016-2493
CVE-2016-2493 describes an elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver used by Android on Nexus devices (N5, N6, N6P, 7 (2013), Nexus Player, Pixel C) prior to 2016-06-01. A local attacker could exploit a crafted application to gain privileged access (internal bug 26571522)....
CVE-2016-2494
CVE-2016-2494 involves an off-by-one error in sdcard/sdcard.c on Android, enabling a local attacker to gain privileges via a crafted app. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-06-01. Root cause: off-by-one in sdcard.c leading to Elevation of P...
CVE-2016-3889
CVE-2016-3889 describes a Factory Reset Protection (FRP) bypass in Android 6.x and 7.0 prior to September 1, 2016. Attackers with physical access could trigger the bypass during pre-setup by exploiting (1) an external tile from a system app, (2) the Help feature, or (3) the Settings app, associat...
CVE-2016-6744
CVE-2016-6744: Elevation of privilege in the Synaptics touchscreen driver for Android. A local malicious app could execute arbitrary kernel code via the Synaptics driver, with impact classified as High. Affected software is Android devices using the Synaptics touchscreen driver prior to the 2016-...
CVE-2016-6768
CVE-2016-6768: A remote code execution vulnerability in the Framesequence library could allow an attacker to run arbitrary code in an unprivileged process by reading a specially crafted file. Affected product/stack: Android, with Framesequence library present in versions 5.0.2, 5.1.1, 6.0, 6.0.1,...
CVE-2016-6773
CVE-2016-6773 describes an information-disclosure vulnerability in the ih264d decoder of Mediaserver on Android (versions 6.0, 6.0.1, 7.0). A local malicious app could access data outside its permission levels due to Mediaserver’s handling in the ih264d component. The issue is categorized as Mode...
CVE-2017-0398
CVE-2017-0398 is an information-disclosure vulnerability in Android’s Audioserver. According to the sources, it could allow a local malicious application to access data outside of its permission levels. Affected products/versions are Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, with Andro...
CVE-2017-0426
Summary: CVE-2017-0426 is a local information-disclosure vulnerability in the Android Filesystem affecting Android 7.0 and 7.1.1. The issue could allow a local malicious app to access data outside its permission levels. Root cause is described as an information-disclosure weakness in the Filesyst...
CVE-2017-0469
CVE-2017-0469 (Mediaserver, Android) : A remote code execution vulnerability arises from memory corruption during media file/data processing in Mediaserver. A crafted file can trigger the issue, potentially allowing code execution within the Mediaserver process. Affected product/versions: Android...
CVE-2017-0495
CVE-2017-0495 is an information-disclosure vulnerability in Android Mediaserver that could allow a local malicious app to access data beyond its permission levels. Affected: Android 6.0–7.1.1. Impact: partial confidentiality breach; no exploitation details or patches are provided in the documents.
CVE-2017-0505
CVE-2017-0505 is an elevation-of-privilege issue in MediaTek components (M4U, sound, touchscreen, GPU, and Command Queue drivers) for Android. A local attacker could execute arbitrary code in the kernel context. The 2017-03 Android bulletin lists CVE-2017-0505 with Android ID A-31822282 and notes...
CVE-2017-0558
CVE-2017-0558 is an information-disclosure vulnerability in the Android Mediaserver. A local malicious application could access data outside its permission levels on affected Android versions (4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1). The CVSS scores in the initial description indicate a conf...
CVE-2017-0566
CVE-2017-0566 describes an elevation of privilege in the MediaTek camera driver for Android, enabling a local malicious application to execute arbitrary code in the kernel context. The issue affects the MediaTek camera driver within Android’s stack and is categorized as High due to requiring comp...
CVE-2017-0645
CVE-2017-0645 describes an elevation-of-privilege vulnerability in Android’s Bluetooth stack. A local malicious application could access data outside its permission levels. Affected products/versions: Android 6.0.1, 7.0, 7.1.1, 7.1.2. Root cause: Bluetooth exposure allowing unauthorized data acce...
CVE-2017-0649
CVE-2017-0649 is a MediaTek sound driver Elevation of Privilege vulnerability in Android. A local malicious app could exploit a flaw in the kernel context via the sound driver to execute arbitrary code. The issue is classified as Moderate due to the need to compromise a privileged process and vul...
CVE-2017-0727
CVE-2017-0727 is a documented elevation-of-privilege vulnerability in the Android media framework, specifically the libgui component. Public CNVD details describe the issue as affecting Android versions 7.0, 7.1.1, and 7.1.2 , enabling a remote attacker to execute arbitrary code with elevated pri...
CVE-2017-0775
CVE-2017-0775 is a DoS in Android’s media framework libstagefright. Affects Android versions 4.4.4–8.0 (including 8.0). The NVD CVSSv3 base score is 5.5 (Medium) with Local attack vector, Low attack complexity, requiring user interaction, and High availability impact. CVSSv2 base score is 7.1 (Hi...
CVE-2017-0810
CVE-2017-0810 describes a remote code execution vulnerability in Android’s media framework (libmpeg2). Affected products/versions include Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The root cause is a flaw in the libmpeg2 component within the Android Media framework that could allow arbitrar...
CVE-2017-0824
CVE-2017-0824 is a Privilege Elevation vulnerability in the Broadcom WiFi driver affecting Android kernel space. The issue enables elevation of privileges via the Broadcom WiFi component on affected Android devices. The vulnerability is categorized as EoP with a moderate impact in the Android eco...
CVE-2017-0827
CVE-2017-0827 is an Elevation of Privilege vulnerability in the MediaTek SoC driver within the Android kernel. Affects Android devices with MediaTek SoC driver stack; root cause is a flaw in the SoC driver that could allow a local attacker to execute arbitrary code within a privileged process con...
CVE-2017-0848
CVE-2017-0848 is an information-disclosure vulnerability in the Android media framework, specifically within the libeffects component. The Pixel/Nexus security bulletin (and related records) attributes this issue to the Media framework with an impact category of Information Disclosure and lists a...
CVE-2017-11000
CVE-2017-11000 affects Qualcomm components: specifically the Camera driver within Android CAF builds using the Linux kernel ISP Camera driver function. The root cause is an incorrect bounds check that may lead to an out-of-bounds write, described as an Elevation of Privilege (EoP) issue in the Qu...
CVE-2017-11014
CVE-2017-11014 describes a buffer overflow in the Android/CAF/Linux kernel stack when parsing a Measurement Request IE in a Roam Neighbor Action Report. Affected products include Android for MSM, Firefox OS for MSM, and QRD Android with CAF Linux kernel releases. The CVSS data indicates high impa...
CVE-2017-11028
CVE-2017-11028 affects the Android MSM ISP Camera driver; the vulnerability allows leakage of contents from an arbitrary kernel address to userspace via msm_isp_get_stream_common_data(). Connected sources confirm this is an information-disclosure issue in the Camera subsystem within Android/Linux...
CVE-2017-11073
CVE-2017-11073 is a Qualcomm Networking subsystem vulnerability affecting Android on MSM/CAF/Linux kernel builds. The qcacld pktlog allows a local attacker to map memory to user space via /proc/ath_pktlog/cld, enabling potentially exposure or modification of memory. Public details specify LOCAL a...
CVE-2017-13190
CVE-2017-13190 is a vulnerability in the Android media framework (libhevc) related to ps_codec_obj memory allocation failures. The affected software is Android (Media framework/libhevc) on versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The documented impact is denial of service (availability impact = ...
CVE-2017-13281
CVE-2017-13281 affects Android 8.0–8.1, where avrc_pars_browsing_cmd in avrc_pars_tg.cc can overflow a stack buffer due to an improper bounds check, enabling remote code execution without user interaction. Affected product: Android OS; vulnerable component: avrc_pars_browsing_cmd (in avrc_pars_tg...
CVE-2017-13308
The CVE-2017-13308 entry describes a buffer overflow in an sscanf call within the Mediatek MTK TS Abts code path (tscpu_write_GPIO_out and mtkts_Abts_write in mtk_ts_Abts.c) caused by improper input validation. This could enable local privilege escalation with System execution privileges; exploit...
CVE-2017-13311
The provided connected documents confirm CVE-2017-13311 affects the Android Framework, specifically the read() function in ProcessStats.java, causing a read/write serialization issue that enables a permissions bypass. This can lead to local escalation of privilege, allowing an app to start an act...
CVE-2017-14917
CVE-2017-14917 affects Android ecosystems (Android for MSM, Firefox OS for MSM, QRD Android) with CAF Linux kernel variants. The issue stems from improper validation of buffer sizes in the message passing interface, enabling potential exploitation via crafted inputs. The CVSS data indicates a cri...
CVE-2017-18649
The CVE-2017-18649 issue affects Samsung mobile devices running N(7.x) software. The bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, enabling an attacker to boot with root privileges (SamFAIL). The Samsung ID is SVE-2017-10465. No additional technical det...
CVE-2017-18690
CVE-2017-18690 involves a buffer overflow in the sensor hub of certain Samsung mobile devices. Affected platforms include KK (4.4), L (5.0/5.1), M (6.0), and N (7.0) with Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets. The available public description notes a sensor-hub buffer overflo...
CVE-2017-6276
CVE-2017-6276 affects NVIDIA mediaserver/OpenMax component (LIBNVMMLITE_VIDEO.SO). The issue is a use-after-free caused by referencing memory after it has been freed, leading to potential denial of service and possible elevation of privileges. NVIDIA’s NVIDIA SHIELD Tablet bulletin lists CVE-2017...
CVE-2017-6295
Affected software/hardware: NVIDIA TrustZone Software (Keymaster) in NVIDIA SHIELD TV SE 6.2 and earlier. Vulnerability: reads data past the end or before the beginning of the intended buffer, potentially leading to denial of service or information disclosure. Impact/Severity: rated high (CVE-201...
CVE-2017-7369
CVE-2017-7369 affects Android CAF builds using the Linux kernel. The vulnerability stems from an array index in an ALSA routine not properly validating input, which can potentially lead to kernel stack corruption. Public details in the provided documents describe the root cause and impact but do ...
CVE-2017-7370
CVE-2017-7370 is listed in connected sources as a Qualcomm video driver vulnerability (Video driver) causing an elevation of privilege (EoP) with Moderate severity. The detail consistently attributes the flaw to a race condition in the video driver within Android CAF/Linux kernel deployments. No ...
CVE-2017-8251
CVE-2017-8251 affects Qualcomm camera driver components in Android CAF builds on Linux kernels. The bug arises when msm_isp_check_stream_cfg_cmd and msm_isp_stats_update_cgc_override fail to validate stream_cfg_cmd->num_streams, allowing an overflow of stream_cfg_cmd->stream_handle. The CVE...
CVE-2017-9704
CVE-2017-9704 concerns CAF Android kernels (Android for MSM, Firefox OS for MSM, QRD Android) where there is no synchronization between msm_vb2 buffer operations, enabling a use-after-free condition. Root cause: missing synchronization in buffer handling within the kernel component msm_vb2. Affec...
CVE-2018-21082
Affected product: Samsung mobile devices running N(7.x) with Dex Station. Issue: Dex Station enables App Pinning bypass and lock-screen bypass via the To unpin screen lock option. Root cause: bypass of app pinning/lock screen through the “Use screen lock type to unpin” flow. Impact: allows bypass...
CVE-2018-5842
CVE-2018-5842 describes a WLAN privilege/Arbitrary address write in Qualcomm WLAN on Android devices (CAF Android for MSM, Firefox OS for MSM, QRD Android) due to the WLAN firmware sending incorrect data to the WLAN driver. The root cause is a data handling flaw in the interaction between comprom...
CVE-2018-9412
CVE-2018-9412 concerns a DoS in the Android Media framework due to a resource exhaustion condition in ID3.cpp’s removeUnsynchronization, caused by improper input validation. Exploitation requires user interaction; the vulnerability is local in scope with availability impact high and no confidenti...
CVE-2018-9419
CVE-2018-9419 describes an information-disclosure flaw: an out-of-bounds read in the BLE path (l2cble_process_sig_cmd in l2c_ble.cc) that can leak remote data without extra privileges or user interaction. Public documents consistently state the impact as information disclosure with no exploitatio...