8153 matches found
CVE-2017-0488
The CVE-2017-0488 issue is a denial-of-service vulnerability in Android's Mediaserver. A specially crafted media file could cause a device hang or reboot. Affected Android versions are 6.0, 6.0.1, 7.0, and 7.1.1 (Android ID A-34097213). The vulnerability is documented in public advisories and is ...
CVE-2017-0490
Summary (CVE-2017-0490) : Android Wi‑Fi elevation of privilege vulnerability allowing a local malicious app to delete user data in affected Android versions (6.0, 6.0.1, 7.0, 7.1.1). The connected documents corroborate the core issue but do not provide public technical exploit details or patch in...
CVE-2017-0491
CVE-2017-0491 is an elevation of privilege vulnerability in Android’s Package Manager. The issue could allow a local malicious application to prevent users from uninstalling apps or removing app permissions. Affected versions are Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The descri...
CVE-2017-0500
CVE-2017-0500 is an elevation of privilege vulnerability in MediaTek components used in Android, affecting multiple kernel drivers (M4U, sound, touchscreen, GPU, Command Queue). The issue could let a local malicious app execute arbitrary code in the kernel context. Exploitation is local and requi...
CVE-2017-0503
Technical details sufficient to assess affected components, root cause, or fixes are not publicly provided in the supplied documents. Please monitor for updates from official vulnerability feeds for CVE-2017-0503.
CVE-2017-0562
CVE-2017-0562 is an elevation of privilege vulnerability in the MediaTek touchscreen driver affecting Android. The issue could allow a local malicious app to execute arbitrary code in the kernel context, potentially leading to permanent device compromise that may require a reflashed OS. Connected...
CVE-2017-0588
CVE-2017-0588 describes a remote code execution vulnerability in Android’s Mediaserver, specifically in libstagefright’s id3/ID3.cpp. An attacker could exploit this by providing a specially crafted media file, triggering memory corruption during media/file processing. The issue affects Android ve...
CVE-2017-0676
CVE-2017-0676 is a remote code execution vulnerability in the Android media framework (Android). Affected versions include 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected documents corroborate this issue as a media framework RCE affecting Android, but do not provide concrete detail...
CVE-2017-0681
CVE-2017-0681 is a remote code execution in the Android media framework affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.** The CVSS3 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack with no privileges required but user interaction needed, and the...
CVE-2017-0682
CVE-2017-0682 : A remote code execution vulnerability in the Android media framework affecting Android 7.0, 7.1.1, and 7.1.2. Connected sources describe an RCE in the media framework (no root cause details provided) and note patches were released via the July 2017 Android security bulletin. Explo...
CVE-2017-0697
CVE-2017-0697 is a DoS vulnerability in the Android media framework. The connected documents confirm impact on Android devices with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The Android media framework is the affected component; the issue arises within that framework, leadi...
CVE-2017-0709
CVE-2017-0709 affects the HTC sensor hub driver in the Android kernel. It is an information-disclosure vulnerability with local access, requiring user interaction (CVSS v3: 3.3 Low). The HTC sensor hub vulnerability is addressed in the 2017-07 Android security bulletin; apply the July 2017 patch ...
CVE-2017-0712
CVE-2017-0712 is an elevation of privilege in the Android framework wi-fi service. Affects Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The vulnerability is linked to the Framework wi-fi service and could allow a local attacker to gain elevated privileges. The issue is addressed ...
CVE-2017-0713
CVE-2017-0713 is a remote code execution vulnerability in the Android libraries sfntly. Affected products/versions from the initial entry: Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Connected CNVD-2017-23414 confirms the issue as an Android sfntly remote code execution vulnerabil...
CVE-2017-0716
CVE-2017-0716 is a remote code execution vulnerability in the Android media framework, specifically in the libmpeg2 decoding library. The issue affects Android versions 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The impact, as documented, is that an attacker could potentially execute arbitrary code in th...
CVE-2017-0724
CVE-2017-0724 is a denial-of-service vulnerability in the Android media framework libmpeg2. Affected product: Android. Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The connected sources describe a DoS condition in libmpeg2 but do not provide concrete technical details about the root cause, e...
CVE-2017-0739
CVE-2017-0739 is an information-disclosure vulnerability in the Android media framework component libhevc. The issue affects Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2, and is related to information disclosure via media decoding. The connected documents confirm the affected ...
CVE-2017-0771
CVE-2017-0771 is a denial of service vulnerability in Android’s media framework (libskia) affecting Android 7.0, 7.1.1, and 7.1.2. The NVD entry describes DoS in the media framework, with the running impact defined as availability loss. The CVSS v3 vector indicates LOCAL attack vector, low attack...
CVE-2017-0784
CVE-2017-0784 is an elevation of privilege in the Android NFC subsystem. Affected product: Android (versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2). The provided documents identify the issue as an Android NFC privilege escalation but do not specify the root cause, impacted component beyond ...
CVE-2017-0788
CVE-2017-0788 is a local elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver used by Android (kernel level). The issue affects the Broadcom Wi‑Fi driver component and is documented in the Android 2017-09-01/09-05 security patch level bulletin under Broadcom entries, indicating mitig...
CVE-2017-0826
CVE-2017-0826 is an Elevation of Privilege in the HTC bootloader affecting Android kernel on HTC devices. The vulnerability is described as an EoP in the bootloader, enabling privilege escalation within the Android stack. The primary documented impact is local privilege elevation, with CVSS indic...
CVE-2017-0831
CVE-2017-0831 is an elevation of privilege vulnerability in the Android framework (window manager) affecting Android 8.0. The NVD entry lists a local-privilege escalation risk with user interaction required and exploitation possible within the window manager context, rated HIGH (CVSS v3: LOCAL, U...
CVE-2017-0837
CVE-2017-0837 is an elevation of privilege vulnerability in Android’s media framework (libaudiopolicymanager). Affected: Android 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Root cause is an elevation of privilege in the Media framework as noted by the Android Security Bulletin (Media framework sec...
CVE-2017-0854
CVE-2017-0854 is an information-disclosure vulnerability in the Android media framework affecting Android 7.0, 7.1.1, 7.1.2, and 8.0 (Pixel/Nexus devices). The Android Pixel bulletin classifies it under Media framework with patch level 2017-11-05 or later addressing the issue; updated AOSP versio...
CVE-2017-0873
CVE-2017-0873 is a DoS vulnerability in Android's media framework libmpeg2. The issue affects Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0, and is classified as DoS with impact to availability. The Android Security Bulletin lists this CVE under the Media framework with a high severity,...
CVE-2017-10997
CVE-2017-10997 affects Qualcomm PCIe (PCI driver) in CAF Android builds. The root cause is a write to a PCIe register via a debugfs node that can corrupt kernel memory, as described for all Qualcomm products with CAF Linux kernels. The vulnerability detail specifies the component as the PCI drive...
CVE-2017-11003
CVE-2017-11003 affects Android for MSM, Firefox OS for MSM, and QRD Android builds via CAF Linux kernel. The issue arises during firmware image update where data is read from flash into RAM without confirming it fits allotted RAM, enabling potential memory mismanagement. Documented impact include...
CVE-2017-11030
CVE-2017-11030 affects Android for MSM and related CAF/Linux-kernel builds, via the HDMI video driver function hdmi_edid_sysfs_rda_res_info() that allows an arbitrary write into kernel memory from userspace. The issue is tied to Android devices using these CAF/kernel HDMI components, potentially ...
CVE-2017-11049
CVE-2017-11049 describes a race condition in a video driver on Android devices (MSM/Qualcomm display stack) that can potentially lead to a buffer overflow. The affected scope includes Android builds for MSM, Firefox OS for MSM, and QRD Android, with CAF Linux kernel-based releases. The issue is c...
CVE-2017-11053
CVE-2017-11053 affects Android for MSM, Firefox OS for MSM, and QRD Android on CAF Linux-kernel builds. When a qos map set IE with length
CVE-2017-13150
CVE-2017-13150 is an information-disclosure vulnerability in Android’s Media framework affecting Pixel/Nexus devices running Android 7.0, 7.1.1, 7.1.2 and 8.0. The Android Pixel security bulletin attributes a Moderate severity to this issue and ties it to updates that address it. The connected bu...
CVE-2017-13171
The CVE-2017-13171 entry describes an elevation of privilege in the MediaTek performance service used by Android. Affected component: MediaTek performance service within the Android kernel stack. Root cause: local privilege escalation. Impact: attacker with local access could gain higher privileg...
CVE-2017-13204
CVE-2017-13204 is an information-disclosure vulnerability in Android's media framework (libavc) affecting Android 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The flaw is tied to the libavc component within the Media framework, with Android IDs A-64380237. Public sources classify the related issue in the Pix...
CVE-2017-13256
CVE-2017-13256 affects Android where the SDP server component (sdp_server.cc) contains an out-of-bounds write in process_service_search_attr_req due to a missing bounds check. This can enable remote code execution with no privileges and no user interaction. Affected Android versions include 5.1.1...
CVE-2017-13273
CVE-2017-13273 is a kernel‑level race condition in xt_qtaguid.c of the Android kernel caused by insufficient locking, enabling local elevation of privilege with no required user interaction. The issue affects Android kernel components and has been tracked in Android bulletins; the 2018 patch leve...
CVE-2017-13289
CVE-2017-13289 affects Android (versions 6.0–8.1). The issue arises in RttManager.java during writeToParcel and createFromParcel, where a write size mismatch enables a permission bypass that can escalate privileges locally. A local attacker can start an activity with system privileges without add...
CVE-2017-14878
CVE-2017-14878 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel. The issue is a length variable used to copy data that is only 8 bits, which can be exceeded and leads to a denial of service. Impact is Denial of Service (availability impact HIGH per CVSS)....
CVE-2017-15842
CVE-2017-15842 describes a use-after-free vulnerability in Android CAF/Linux kernel code where a mutex is unlocked before freeing the buffer, allowing potential reuse of the freed memory. The issue affects all Android releases using CAF components (Android for MSM, Firefox OS for MSM, QRD Android...
CVE-2017-15855
CVE-2017-15855 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel prior to the 2018-04-05 patch level. The vulnerability arises in the Camera CPP module driver when it directly accesses a user-space buffer; an unchecked userspace value (ioctl_ptr-&...
CVE-2017-18069
CVE-2017-18069 affects Android for MSM, Firefox OS for MSM, and QRD Android builds that use CAF Linux kernel, where an improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to a buffer overread. Public data lists CVSS base scores around ...
CVE-2017-18655
CVE-2017-18655 affects Samsung mobile devices running M(6.0) and N(7.x) software. A stack-based buffer overflow in a trustlet leads to memory corruption. Affected component: trustlet; root cause: stack-based buffer overflow. Impact per sources: partial confidentiality, integrity, and availability...
CVE-2017-7364
CVE-2017-7364 affects Qualcomm devices using CAF Android with the Linux kernel. The issue resides in __mdss_fb_copy_destscaler_data(), where ds_data[i].scale may point to a user-provided address, which can be freed on an error, causing a use-after-free condition. CVSS3 vector indicates a network-...
CVE-2017-7368
CVE-2017-7368 affects Android releases from CAF that use the Linux kernel. The issue is a race condition in the ioctl handler of a sound driver, identified as the root cause in the description. The access vector is local, with user interaction required, and the impact is described as high for con...
CVE-2017-7372
CVE-2017-7372 affects Android devices using CAF Linux kernel video drivers. The issue is a race condition in a video driver that could lead to a buffer overflow or write to an arbitrary pointer location, as described in the NVD entry. No specific affected devices, versions, exploit details, or re...
CVE-2017-8247
CVE-2017-8247 affects Qualcomm camera driver components in Android CAF builds using the Linux kernel. Description: when more than one thread opens the device, the device may be opened multiple times, causing get_pid to be called more than once while put_pid is called only once in msm_close. Impac...
CVE-2017-9684
CVE-2017-9684 concerns a race condition in the Qualcomm USB driver used by Android CAF Linux kernels, leading to a Use-After-Free condition. The vulnerability is localized and requires user interaction to exploit, with potential high impact on confidentiality, integrity, and availability if succe...
CVE-2017-9693
CVE-2017-9693 describes a local vulnerability in Android for MSM, Firefox OS for MSM, and QRD Android where the length of the STA_EXT_CAPABILITY attribute value is shorter than StaParams.extn_capability, causing a memcpy from params->ext_capab to StaParams.extn_capability to read extra bytes. ...
CVE-2017-9720
CVE-2017-9720 affects Qualcomm camera driver in Android CAF Linux kernel builds, where an off-by-one error can trigger an out-of-bounds read/write. The vulnerability is listed under Qualcomm components as an Elevation of Privilege (EoP) risk with the camera driver as the affected component; expli...
CVE-2018-21053
This CVE (CVE-2018-21053) affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) software. The issue is described as clipboard access in the lockscreen state via a physical keyboard (Samsung ID SVE-2018-12684). The connected Red Hat and other entries corroborate the same description. T...
CVE-2018-21055
CVE-2018-21055 affects Samsung mobile devices running N (Android 7.0) on Qualcomm MSM8996. The issue allows rooting via a custom image to run arbitrary scripts in the INIT context. Samsung assigns ID SVE-2018-11940 (Sept 2018). CVSS metrics indicate a critical impact (C/H, I/H, A/H) with network ...