8153 matches found
CVE-2016-0837
CVE-2016-0837 affects Android’s mediaserver via libstagefright (MPEG4Extractor.cpp). The issue allows remote code execution or a denial of service through a crafted media file due to an out-of-bounds read and memory corruption. Affected are Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befo...
CVE-2016-10336
Technical details about CVE-2016-10336 are not publicly available in the provided connected documents. The material confirms memory regions unprotected during boot on CAF Android/Linux, but remediation specifics are not included here. Monitor for updates.
CVE-2016-10339
CVE-2016-10339 affects CAF Android builds using the Linux kernel. The issue allows HLOS to overwrite secure memory or read the keystore contents. Details across sources indicate the vulnerability impacts Android devices in CAF releases and were addressed in the 2017 Android security patches (June...
CVE-2016-10341
Technical details about CVE-2016-10341 are not provided in the connected documents. The initial description notes elevated privileges for third-party TEEs on CAF Android/Linux kernel, but no vendor, component, version, impact, or remediation details are disclosed here. Monitor for updates.
CVE-2016-11045
The CVE-2016-11045 entry relates to Samsung mobile devices running Lollipop (5.0/5.1) where the Gallery library is vulnerable to memory corruption triggered by a malformed image. Documented impact indicates potential data/process integrity concerns within the Gallery component. The issue is assoc...
CVE-2016-2417
CVE-2016-2417 affects mediaserver’s mediaserver component (frameworks/av/media/libmedia/IOMX.cpp) on Android 4.x–6.x where a parameter data structure is not initialized, enabling information disclosure from process memory and potentially bypassing a protection mechanism. This is demonstrated via ...
CVE-2016-2421
The CVE-2016-2421 entry documents a vulnerability in Android’s Setup Wizard that allows physically proximate attackers to bypass Factory Reset Protection and delete data. Affected: Android 5.1.x before 5.1.1 and 6.x before 2016-04-01. Root cause is an exploit in the Setup Wizard flow that enables...
CVE-2016-2425
CVE-2016-2425 describes an information-disclosure vulnerability in AOSP Mail’s ComposeActivity.java where Android versions 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-04-01) allow file:///data attachments, enabling a local attacker to obtain sensitive info...
CVE-2016-2428
CVE-2016-2428 affects Android mediaserver: libAACdec/src/aacdec_drc.cpp in mediaserver allows a crafted media file to cause memory corruption via inadequate thread limiting, enabling remote code execution or a denial of service. Affected Android releases: 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1...
CVE-2016-2442
Technical details for CVE-2016-2442 are not publicly provided in the supplied documents; monitor for updates.
CVE-2016-2449
CVE-2016-2449 affects Android mediaserver: Camera3Device.cpp in mediaserver allows privilege escalation due to not validating template IDs, enabling a crafted app to gain Signature or SignatureOrSystem access. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before ...
CVE-2016-3755
CVE-2016-3755 affects the Android Mediaserver component, specifically decoder/ih264d_parse_pslice.c, where Mediaserver on Android 6.x before 2016-07-01 does not properly select concealment frames. This can allow a remote attacker to cause a denial of service (device hang or reboot) via a crafted ...
CVE-2016-3762
CVE-2016-3762 affects Android before patch levels: 5.0.2 for 5.0.x, 5.1.1 for 5.1.x, and 6.x before 2016-07-01. The issue is elevation of privileges in the sockets subsystem when a crafted application uses (1) AF_MSM_IPC or (2) another socket class unrecognized by SELinux, due to internal bug 286...
CVE-2016-3764
CVE-2016-3764 affects Android Mediaserver: media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver is vulnerable. A crafted application can cause information disclosure by obtaining sensitive pointer information. Affected Android versions include 4.x before 4.4.4, 5.0.x before 5.0....
CVE-2016-5854
CVE-2016-5854 involves a kernel information disclosure in Qualcomm SPCom driver components across Android for MSM, Firefox OS for MSM, and QRD Android. The underlying issue is that kernel heap memory can be exposed to userspace, enabling local information disclosure. Public documents list the aff...
CVE-2016-5863
Technical details about CVE-2016-5863 are not provided in the supplied documents. Public references exist (NVD, Ubuntu, SUSE, Tenable, ENISA) but no vendor/product/version/patch info is included here. Monitor for updates.
CVE-2016-5867
CVE-2016-5867 affects the Qualcomm sound driver in Android MSM (kernel sound subsystem). The root cause is that some variables originate from userspace and can be chosen to trigger a stack overflow, potentially enabling local impact. The initial description notes a stack overflow risk; CVSS3/2 me...
CVE-2016-6734
CVE-2016-6734 concerns the NVIDIA GPU driver on Android. The issue is an elevation of privilege that could allow a local malicious app to execute arbitrary code in the kernel context. Affected environment is Android platforms prior to the 2016-11-05 security patch level. The underlying impact is ...
CVE-2016-8414
CVE-2016-8414 is an information-disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator affecting Android. It permits a local attacker with a compromised privileged process to access data outside its permissions. Affected components are the Android kernel (Kernel-3.10 a...
CVE-2016-8421
CVE-2016-8421 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver on Android. A local malicious app could execute arbitrary code in the kernel context by exploiting this driver vulnerability. Affected components/versions noted in provided docs include the Qualcomm Wi‑Fi driver...
CVE-2016-8422
CVE-2016-8422 is an elevation-of-privilege issue in the Qualcomm bootloader that could let a local malicious Android app execute code in the kernel context, potentially leading to permanent device compromise. The vulnerability is described as critical and is tied to the bootloader/Qualcomm stack;...
CVE-2016-8470
CVE-2016-8470 matches an information-disclosure issue in the MediaTek driver on Android. The vulnerability could allow a locally executed malicious app to access data outside its permission levels, due to a flaw in the MediaTek component and requires compromising a privileged process. The entry n...
CVE-2016-8476
CVE-2016-8476 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver for Android, allowing a local malicious application to execute code in the kernel once a privileged process is compromised. The issue affects Android kernel versions 3.10 and 3.18; Android ID A-32879283. The NVD...
CVE-2016-8488
CVE-2016-8488 is an elevation-of-privilege vulnerability in Qualcomm closed-source components within Android, affecting the Android kernel. The issue is described as an elevation of privilege in Qualcomm components used by Android devices; the CVSSv3 metrics indicate a CRITICAL impact with networ...
CVE-2017-0382
CVE-2017-0382 corresponds to a remote code execution vulnerability in the Framesequence library used by Android. A specially crafted file could allow an attacker to execute arbitrary code in the context of an unprivileged process. Technical details in connected documents show affected product sco...
CVE-2017-0395
Technical details about CVE-2017-0395 are not provided in the supplied documents; no specifics on affected components, root cause, or fixes are present. Monitor for updates from authoritative sources.
CVE-2017-0481
CVE-2017-0481 is an elevation-of-privilege vulnerability in Android’s NFC component. The description specifies it could allow a proximate attacker to execute arbitrary code in a privileged process, with affected Android versions including 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The conne...
CVE-2017-0489
CVE-2017-0489 is an elevation-of-privilege vulnerability in Android’s Location Manager that could allow a local malicious app to bypass OS protections for location data. Affected products/versions are Android 4.4.4 through 7.1.1 (including 5.x, 6.x, 7.0, 7.1.1). The issue is described as Moderate...
CVE-2017-0496
Technical details about CVE-2017-0496 are not publicly provided in the supplied connected documents. The sources reiterate a denial-of-service impact for Android Setup Wizard but do not specify affected versions, vectors, or fixes. Monitor for updates from official advisories.
CVE-2017-0544
CVE-2017-0544 is an Android CameraBase elevation of privilege vulnerability enabling a local malicious app to execute arbitrary code in a privileged process. Affected products/versions: Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. The vulnerability is described in the Android bulletin as ...
CVE-2017-0559
CVE-2017-0559 is an information-disclosure vulnerability in Android's libskia that could let a local malicious app access data outside its permission levels. Affected versions include Android 4.4.4 through 7.1.1. The provided documents do not specify the root cause details or a remediation/patch....
CVE-2017-0587
CVE-2017-0587 describes a remote code execution vulnerability in the Android Mediaserver component, specifically in libmpeg2 used during media file and data processing. The underlying issue is memory corruption triggered by processing specially crafted media files, allowing an attacker to execute...
CVE-2017-0590
CVE-2017-0590 describes a remote code execution in the Mediaserver component of Android via a crafted media file that triggers memory corruption in the libhevc path. Affected products/versions include Android releases 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The vulnerability stems from a...
CVE-2017-0596
CVE-2017-0596 is an Android Mediaserver (libstagefright) elevation-of-privilege vulnerability. The issue could allow a local malicious app to execute code with the privileges of Mediaserver. Affected products/versions listed in sources include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1...
CVE-2017-0619
The CVE-2017-0619 entry describes an elevation-of-privilege vulnerability in the Qualcomm pin controller driver on Android kernels (Kernel-3.10). A local malicious app could execute arbitrary code in the kernel context. The CVSS indicates LOCAL access with HIGH impact on confidentiality, integrit...
CVE-2017-0793
CVE-2017-0793 is an information-disclosure vulnerability in Android’s Imgtk memory subsystem within the Android kernel. Affected: Android (Imgtk/memory subsystem). Impact: potential unauthorized access to data (confidentiality impact HIGH per CVSS). Exploitation details are not provided in the co...
CVE-2017-0816
CVE-2017-0816 is an information-disclosure vulnerability in Android’s media framework (libeffects). Affected products: Android releases listed in the CVE entry (4.4.4–8.0). The root cause is described as a vulnerability within the media framework that can disclose sensitive information. Public re...
CVE-2017-0823
CVE-2017-0823 is an information-disclosure vulnerability in Android’s radio interface layer (rild). Affected: Android (versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2). Root cause: information disclosure in rild (no technical details provided). Impact: potential partial disclosure of ...
CVE-2017-0829
CVE-2017-0829 is an elevation-of-privilege issue in the Motorola bootloader affecting Android kernel components. The linked records consistently describe this as a bootloader vulnerability that can elevate privileges on affected devices. The NVD entry summarizes it as controlling privilege escala...
CVE-2017-0833
CVE-2017-0833 is a remote code execution vulnerability in Android’s media framework (libavc) affecting Android devices running versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID: A-62896384). The initial descriptions consistently identify the issue as a media framework RCE, with no publi...
CVE-2017-11002
CVE-2017-11002 is a Qualcomm Wi‑Fi driver information exposure/DoS type issue described as: in all Qualcomm products with Android CAF builds using the Linux kernel, when processing a vendor sub-command, a buffer over-read can occur. The connected sources confirm this CVE ID is classified as an In...
CVE-2017-11059
CVE-2017-11059 describes a potential buffer overflow in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Linux-kernel releases, caused by setting the HMAC key from different threads during SHA operations. The vulnerability is tied to how the HMAC key is handled under multi-threaded SHA p...
CVE-2017-11092
CVE-2017-11092 is an Android/AAF (KGSL) vulnerability in the Qualcomm graphics driver: the kgsl_ioctl_gpu_command path can trigger a Use After Free condition in the KGSL kernel driver on Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernels. The description notes a Us...
CVE-2017-13184
CVE-2017-13184 affects Android 8.0–8.1 SurfaceFlinger. In enableVSyncInjections, a use-after-free on mVSyncInjector can enable local elevation of privilege with code execution in a privileged process; no user interaction required. Exploitation details are not provided in the connected documents. ...
CVE-2017-13267
CVE-2017-13267 affects Android's avrc_pars_vendor_cmd in avrc_pars_tg.cc, with a stack corruption risk due to a missing bounds check. The vulnerability enables remote escalation of privilege with no user interaction, as described in the NVD entry (CVE-2017-13267) and reflected in the Android Secu...
CVE-2017-13293
CVE-2017-13293 affects Android kernel NFC driver. In the nfc_hci_cmd_received() function of core.c, there is a missing bounds check that can cause an out-of-bounds write, enabling local elevation of privilege in the kernel without extra execution privileges or user interaction. The connected Andr...
CVE-2017-14896
The CVE affects Android devices using Qualcomm GUD mobicore driver (Android for MSM/CAF builds) where a memory allocation occurs without validating length, causing an undersized buffer and potential kernel memory overwrite. Root cause: missing length-field validation in the mobicore driver. Impac...
CVE-2017-14897
The CVE-2017-14897 entry corresponds to a local privilege-elevation flaw in the RPMB/CAF kernel path used by Android on MSM/CAF builds. The described issue is that, while handling QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed from kernel space, enabling local explo...
CVE-2017-14905
CVE-2017-14905 affects Android on MSM (and related CAF/Linux-kernel-based builds) via a buffer over-read when handling a specially crafted cfg80211 vendor command in the wireless networking stack. The CNVD/CVE records describe this as information disclosure due to a buffer over-read, impacting Qu...
CVE-2017-14906
CVE-2017-14906 affects Android on Qualcomm Snapdragon IoT devices (including Snapdragon Mobile MDM9206/MDM9607/MSM8909W, SD 210/212/205, SD 410/12) where PKCS7 padding is not supported by the crypto storage APIs. According to NVD, the issue is rated CVSS v3.0/9.8 (CRITICAL) with network attack ve...