8153 matches found
CVE-2016-3775
The vulnerability CVE-2016-3775 concerns the Android kernel file system. A local, privilege-escalation flaw exists in the kernel file system on Nexus 5X, Nexus 6P, Nexus 6, Nexus Player, and Pixel C devices running affected Android versions prior to 2016-07-05, allowing a crafted application to g...
CVE-2016-3809
CVE-2016-3809 is an information-disclosure vulnerability in Android’s networking component. The iovy/iovy_pxn2 flows describe using CVE-2016-3809 to leak the kernel address of a sock structure, enabling subsequent steps to corrupt kernel data and escalate privileges. Affected devices include Andr...
CVE-2016-3915
The CVE-2016-3915 issue affects Android’s Camera service (camera_metadata.c) across multiple Android versions, enabling a local attacker to escalate privileges via a crafted app. Root cause: privilege escalation in the Camera service. Impact: attacker gains high-level privileges. Mitigation/Remed...
CVE-2016-5861
CVE-2016-5861 affects Qualcomm display/video driver in Android for MSM. The vulnerability arises when a userspace-controlled variable is used to compute offsets/sizes for copy operations, potentially causing a heap overflow. The connected documents classify this as an Elevation of Privilege (EoP)...
CVE-2016-6706
CVE-2016-6706 is a local privilege-escalation vulnerability in Android’s Mediaserver, specifically within the libstagefright component. The issue allows a local malicious application to execute arbitrary code in the context of a privileged process due to a flaw in Mediaserver on Android 7.0 and e...
CVE-2016-6739
CVE-2016-6739 is an elevation-of-privilege vulnerability in the Qualcomm camera driver on Android, allowing a local malicious app to execute arbitrary code in the kernel context. The issue requires compromising a privileged process and is described as a local attack with high impact (kernel integ...
CVE-2016-6741
CVE-2016-6741 is an elevation-of-privilege in the Qualcomm camera driver on Android prior to 2016-11-05. A local malicious app could execute arbitrary code in the kernel context. Affected devices in the public tables include Nexus 5X, Nexus 6P, and related devices (Android One, Pixel family). The...
CVE-2016-6750
CVE-2016-6750 denotes an information-disclosure vulnerability in Qualcomm components used by Android—specifically the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver. The issue could allow a local malicious app to access data outside its permission levels, but only after co...
CVE-2016-6767
CVE-2016-6767 describes a denial-of-service vulnerability in Mediaserver on Android 4.4.4 that could be triggered by a specially crafted file to cause a device hang or reboot. The primary affected component is Mediaserver (Android). The public material confirms the impact as DoS and notes remote ...
CVE-2016-6772
CVE-2016-6772 is an Android Wi‑Fi elevation of privilege vulnerability. The issue could let a local malicious app execute code in the context of a privileged Wi‑Fi process. Affected products/versions per the entry: Android 5.0.2, 5.1.1, 6.0, 6.0.1, and 7.0. The root cause is exploitation of the W...
CVE-2016-8419
CVE-2016-8419 is a local elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver affecting Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the Qualcomm Wi‑Fi driver. Affected components/files are tied to the Andr...
CVE-2016-8436
CVE-2016-8436 matches an elevation-of-privilege flaw in the Qualcomm video driver affecting Android kernels (Kernel-3.18). The vulnerability could let a local malicious app execute arbitrary code in the kernel context, potentially causing a permanent device compromise and requiring reflashing to ...
CVE-2017-0402
CVE-2017-0402 describes an information disclosure vulnerability in Audioserver (libeffects, path lvm/wrapper/Bundle/EffectBundle.cpp) that could allow a local malicious Android app to access data outside its permission levels. Affected products/versions include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6...
CVE-2017-0409
CVE-2017-0409 is a remote code execution vulnerability in Android’s libstagefright. The connected documents confirm the affected component (libstagefright) and that exploitation involves processing a specially crafted file to run code in the context of an unprivileged process, with Android versio...
CVE-2017-0423
CVE-2017-0423 is an elevation-of-privilege vulnerability in the Android Bluetooth stack. A proximate attacker could leverage a separate Bluetooth stack vulnerability to manage access to documents on Android devices. Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1...
CVE-2017-0476
CVE-2017-0476 : A remote code execution vulnerability in AOSP Messaging causing memory corruption during media/file processing via a specially crafted file. Affected: Android 6.0, 6.0.1, 7.0, 7.1.1 (Android ID A-33388925). Impact: remote code execution within an unprivileged context. Source notes...
CVE-2017-0494
Technical details (affected component/version or root cause) are not publicly provided in the connected documents for CVE-2017-0494; available descriptions note an information-disclosure issue in AOSP Messaging affecting Android 6.0–7.1.1. Monitor for updates.
CVE-2017-0532
CVE-2017-0532 describes an information-disclosure vulnerability in the MediaTek video codec driver that could allow a local malicious Android app to access data outside its permission levels. The issue is considered moderate because exploitation requires compromising a privileged process. The rec...
CVE-2017-0538
CVE-2017-0538 is a remote code execution vulnerability in libavc used by Android Mediaserver. A specially crafted media file can trigger memory corruption during processing, allowing code execution within Mediaserver. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1. Root cause: memory corruptio...
CVE-2017-0551
CVE-2017-0551 is a remote denial-of-service vulnerability in Android’s Mediaserver Libavc implementation. It affects Android 6.0, 6.0.1, 7.0, and 7.1.1, where processing a specially crafted file could cause a device hang or reboot. Public details in the provided documents describe the issue and a...
CVE-2017-0615
CVE-2017-0615 is an elevation-of-privilege vulnerability in the MediaTek power driver on Android that could allow a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. The entry notes the issue is high severity and that patches are ...
CVE-2017-0639
CVE-2017-0639 is an information-disclosure vulnerability within Android’s Bluetooth component. The issue could allow a local malicious application to access data outside its permissions, effectively bypassing OS data isolation. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7....
CVE-2017-0680
CVE-2017-0680 is described across the provided documents as a remote code execution vulnerability in the Android media framework affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected sources reiterate the issue but do not provide concrete technical details in these documents about th...
CVE-2017-0686
CVE-2017-0686 is a denial-of-service vulnerability reported in the Android media framework affecting Android versions 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-34231231). Connected CNVD entry CNVD-2017-15983 mirrors a media framework DoS in Android, describing a vulnerability in the Android...
CVE-2017-0731
The CVE-2017-0731 entry corresponds to an elevation of privilege in the Android media framework (mpeg4 encoder). According to CNVD-2017-23424, the issue exists in Android’s Media framework mpeg4 encoder and could allow an attacker to execute arbitrary code with elevated privileges. The initial de...
CVE-2017-0774
CVE-2017-0774 is a denial-of-service vulnerability in Android’s media framework (libstagefright) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0/6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is described in public sources as a DoS in the media framework; no exploit vectors, root cause details, or a...
CVE-2017-0790
CVE-2017-0790 is a local elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver used by Android kernel. The issue is categorized as EoP and is located in the Broadcom Wi‑Fi driver component; the Android bulletin lists CVE-2017-0790 under Broadcom components with a Moderate Android bug ...
CVE-2017-0836
CVE-2017-0836 is a remote code execution vulnerability in the Android media framework (libhevc). Affected product: Android. Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. The issue resides in the Media Framework and could allow an attacker to run arbitrary code, typically by...
CVE-2017-0860
CVE-2017-0860 is an elevation-of-privilege vulnerability in Android’s inputdispatcher subsystem (Android System). Affected versions include 5.0.2, 5.1.1, 6.0/6.0.1, 7.0, 7.1.1, and 7.1.2. The root cause is described as an inputdispatcher-related elevation of privilege, allowing an attacker to gai...
CVE-2017-0880
CVE-2017-0880 is a DoS vulnerability in the Android media framework (libskia) affecting Android 7.0, 7.1.1, and 7.1.2. The issue is documented in multiple sources (NVD/NVD-family and CVE listings) with the Android 2017-12-01/2017-12-05 patch levels addressing these vulnerabilities. The connected ...
CVE-2017-11032
The CVE-2017-11032 issue affects Android builds using CAF Linux kernels (Android MSM/CAF variants). It describes a double-free in the service_locator_send_msg() path when kmalloc fails to allocate memory for resp/req pointers, potentially enabling local privilege elevation. Affected components ar...
CVE-2017-13152
CVE-2017-13152 is an information disclosure vulnerability in Android’s media framework (libmedia drm) affecting Android 5.1.1 through 8.0.0. The public descriptions identify the affected component and versions, with the Pixel/Nexus security bulletin listing this CVE under the Media framework as a...
CVE-2017-13162
CVE-2017-13162 is an elevation-of-privilege vulnerability in the Android kernel binder (Binder IPC). The issue is a local exploit affecting the Android kernel components that implement Binder, allowing a non-privileged (local) attacker to escalate privileges with a high impact on confidentiality,...
CVE-2017-13245
CVE-2017-13245 is an Elevation of Privilege vulnerability in the Android Upstream kernel audio driver (kernel component). The Android Pixel/Nexus bulletin and CVE records identify the issue as a local EoP in the Audio driver within the Android kernel, with patched AOSP versions referenced (patch ...
CVE-2017-13247
CVE-2017-13247 affects the Pixel 2 bootloader (Android). The issue is a missing permission check in the bootloader that bypasses the carrier bootloader lock, enabling local elevation of privileges with user-privilege requirements. Exploitation is described as local with no user interaction requir...
CVE-2017-13276
CVE-2017-13276 concerns a stack buffer overflow in the Android tpdec_asc.cpp module, specifically in the function CProgramConfig_ReadHeightExt, caused by a missing bounds check. This vulnerability could enable remote code execution with the attacker having no special privileges beyond a user on t...
CVE-2017-13303
CVE-2017-13303 is a memory information-disclosure vulnerability in the Broadcom bcmdhd driver used by Android kernel. Affected component: Broadcom bcmdhd driver; root cause: information disclosure vulnerability in that driver. Impact per sources: partial confidentiality breach with no integrity/a...
CVE-2017-15822
CVE-2017-15822 affects Qualcomm-based Android devices (MSM) including Firefox OS for MSM and QRD Android builds within CAF releases prior to the 2018-04-05 security patch level. Description: a buffer overflow may occur while processing an 802.11 management frame in the Linux kernel components use...
CVE-2017-18650
The CVE-2017-18650 entry affects Samsung mobile devices running N(7.x) software. The issue is triggered when reading a malformed wpa_supplicant.conf, causing the WifiStateMachine to throw an IllegalArgumentException and the device to reboot. Samsung’s internal tracking references SVE-2017-9828 (O...
CVE-2017-18667
CVE-2017-18667 affects Samsung mobile devices running KK (4.4), L (5.0/5.1), M (6.0), and N (7.x). The issue allows attackers to prevent users from learning that SMS storage space has been exhausted (Samsung ID SVE-2017-8702). The connected sources do not provide concrete exploitation vectors, im...
CVE-2017-18692
CVE-2017-18692 affects Samsung mobile devices running M (6.0) and N (7.0) on certain chipsets (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, Exynos8895). The vulnerability is a race condition in the sec_ts touchscreen sysfs interface that can lead to a buffer overflow. Affected component: se...
CVE-2017-6281
CVE-2017-6281 affects NVIDIA libnvomx and is described as a possible out-of-bounds write caused by improper input validation, leading to local elevation of privilege. The NVIDIA SHIELD TV advisory lists Libnvomx as the vulnerable component and rates the issue as EoP (High). Affected product: SHIE...
CVE-2017-8245
CVE-2017-8245 affects Android releases from CAF using the Linux kernel. The issue occurs while processing a voice SVC request with a payload size that overflows its declared size, causing an out-of-bounds memory copy. The initial documents provide no vendor/version specifics beyond CAF Android an...
CVE-2017-8261
CVE-2017-8261 is a Qualcomm component issue affecting the Camera driver in CAF Android builds using the Linux kernel. The root cause is a potential kernel overwrite in a camera driver ioctl, enabling Elevation of Privilege rather than remote code execution. The vulnerability is classified as EoP ...
CVE-2017-8269
CVE-2017-8269 affects the Qualcomm IPA driver (IPA WAN) with a userspace-controlled non-null-terminated parameter in the IPA WAN ioctl, exposing kernel memory on CAF/Linux-based Android builds. Root cause: improper handling of a userspace parameter in the IPA WAN ioctl. Impact: kernel memory expo...
CVE-2017-9678
CVE-2017-9678 affects Qualcomm’s video driver in Android CAF builds on Linux kernel. The issue is memory corruption due to lack of bounds checking in memcpy(), enabling local exploitation with user interaction. CVSS v3.0 base score 7.8 (HIGH) with LOCAL exploit and HIGH impact on confidentiality,...
CVE-2017-9691
CVE-2017-9691 is a Qualcomm MobiCore (Trustonic) driver issue via a race condition in the debug message output path on Android devices (MSM, Firefox OS for MSM, QRD Android). The vulnerability allows access to already freed memory, exposing potential confidentiality impact. The connected document...
CVE-2018-13893
CVE-2018-13893 affects Android platforms built on CAF Linux kernels, with the root cause described as out-of-bounds access when copying masks to userspace due to using an old value of the msg mask table count. The CVSS3 vector (LOCAL, LOW CIA/IIA, HIGH impact) indicates local access is required a...
CVE-2018-21050
CVE-2018-21050 concerns Samsung mobile devices running N(7.x) and O(8.X) on Exynos chipsets, where a Buffer overflow in the esecomm Trustlet can lead to arbitrary code execution. The vulnerability is identified by Samsung as SVE-2018-12852 (October 2018). The connected records confirm the affecte...
CVE-2018-21052
The CVE-2018-21052 entry concerns Samsung mobile devices running N(7.x) and O(8.X) with Exynos chipsets. The root cause is incorrect usage of shared memory in the vaultkeeper Trustlet, which can lead to arbitrary code execution. Affected component: vaultkeeper Trustlet; impact is arbitrary code e...