8153 matches found
CVE-2017-0741
CVE-2017-0741 is a MediaTek GPU driver elevation-of-privilege vulnerability affecting Android kernel space. Affected component: MediaTek GPU driver within Android. Impact: local privilege escalation as described in the CVE; no explicit exploit details provided in the documents. Remediation: Andro...
CVE-2017-0747
CVE-2017-0747 is an elevation-of-privilege vulnerability in the Qualcomm Proprietary Component used by Google Android. The issue affects the Android kernel via the Qualcomm-provided component; an attacker could exploit it to escalate privileges within the device. Public descriptions in CNVD/NVD i...
CVE-2017-0818
The CVE-2017-0818 entry concerns the Android Media Framework vulnerability affecting Android 7.0, 7.1.1, 7.1.2 and 8.0. The issue is described as a vulnerability in the Android media framework (component: Media Framework) with no explicit root-cause details in the provided docs. CVSSv3 base score...
CVE-2017-0843
CVE-2017-0843 is a local elevation-of-privilege vulnerability in MediaTek’s CCCI component within the Android kernel. The NVD entry characterizes it as EoP with high impact (confidentiality, integrity, and availability all affected) and local attack vector with no user interaction. The vulnerabil...
CVE-2017-0847
CVE-2017-0847 is an elevation of privilege in the Android media framework (mediaanalytics) affecting Android 8.0 on Pixel/Nexus. The vulnerability is classified as EoP with impact on confidentiality, integrity, and availability. The Pixel security bulletin notes a patch level of 2017-11-05 or lat...
CVE-2017-0857
CVE-2017-0857 is listed in the Android Pixel/Nexus Security Bulletin (Media framework) with type NSI, affecting Android 7.0, 7.1.1, 7.1.2, and 8.0. The bulletin groups it under Media framework alongside other CVEs and indicates updated AOSP versions (patch level addressing the issue). The provide...
CVE-2017-11006
CVE-2017-11006 is a Use-After-Free vulnerability in Android for MSM, Firefox OS for MSM, and QRD Android (CAF Linux kernel lineage) during positioning. The connected NVD entry confirms the issue and classifies it as high-severity with CVSS v3.0 base score 9.8 (Network, No user interaction, privil...
CVE-2017-11007
CVE-2017-11007 is an Elevation of Privilege in Qualcomm Fastboot (EoP, High) with local access. The available connected records indicate a root cause of buffer overflow in the Partition name during conversion of ascii to unicode in HandleMetaImgFlash, leading to stack corruption. There are no exp...
CVE-2017-11017
CVE-2017-11017 affects Android builds for MSM (including CAF-derived kernel variants) and related Android forks (Firefox OS for MSM, QRD Android). The issue arises when flashing a specially crafted UBI image, causing memory corruption or access to uninitialized memory in the Linux kernel used by ...
CVE-2017-11019
The CVE-2017-11019 issue affects Android for MSM, Firefox OS for MSM, and QRD Android on CAF Linux kernels, where a file descriptor allocated during get_metadata was not closed after freeing the associated buffer, causing a failure during exit. This is a kernel/user-space interaction flaw that ca...
CVE-2017-11027
CVE-2017-11027 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel; the vulnerability arises when flashing a UBI image, where the size is not validated against the minimum header size, leading to uninitialized data access. The NVD entry characterizes impact ...
CVE-2017-11029
The CVE-2017-11029 issue is a Qualcomm Camera elevation vulnerability in Android on MSM devices. The vulnerability stems from the Camera CPP module Linux driver directly accessing a user-space buffer, with an unchecked ioctl_ptr->len used to copy data into a kernel buffer, enabling kernel memo...
CVE-2017-11033
Technical details about CVE-2017-11033 (affected components, root cause, exploitability, and fixes) are not publicly provided in the connected documents. Monitor for updates.
CVE-2017-11035
CVE-2017-11035 affects Qualcomm WLAN in Android devices (notably Pixel/Nexus) with a buffer overflow/information leak caused by incorrect initialization of WEXT callbacks and missing buffer-size checks. The vulnerability enables EoP via the WLAN path and is tracked as a Qualcomm WLAN issue in the...
CVE-2017-11055
CVE-2017-11055 affects Qualcomm WLAN in Android/CAF Linux-kernel stacks (Android for MSM, Firefox OS for MSM, QRD Android). A buffer over-read can occur when processing the QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION vendor command, potentially exposing memory contents. Affected components a...
CVE-2017-13175
CVE-2017-13175 is a vulnerability in NVIDIA’s Tegra OpenMax component, specifically OMX.Nvidia.audio.render. The issue arises because mediaserver could reference memory after it has been freed, potentially enabling a denial of service or, in some scenarios, privilege escalation. The vulnerability...
CVE-2017-13188
CVE-2017-13188 is an information disclosure vulnerability in the Android media framework (aac). The connected Pixel/Nexus bulletin attributes this CVE to the Media framework component and lists affected Android versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1, with Android bug ID A-65280786. The bulletin...
CVE-2017-13214
CVE-2017-13214 affects the Hardware HEVC decoder in Android kernel. Affects Android devices processing certain media files, where a page fault can cause remote denial of service in a critical system process. Exploitation is possible over the network with no user interaction and no privileges requ...
CVE-2017-13234
CVE-2017-13234 affects Android’s sonivox DLSParser. A memory leak can cause resource exhaustion leading to remote temporary denial of service, with user interaction required for exploitation. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. Remediation is via ...
CVE-2017-13249
CVE-2017-13249 affects Android (versions 6.0 through 8.1). The issue is in impeg2d_api_set_display_frame within impeg2d_api_main.c, where an out-of-bounds write occurs due to a missing bounds check. This can enable remote code execution with no additional privileges required, with user interactio...
CVE-2017-13279
CVE-2017-13279 affects Android’s M3UParser parsing path (M3UParser.cpp). The issue is a memory resource exhaustion caused by a large loop that pushes items into a vector, leading to remote denial of service. Impacted Android versions include 6.0–8.1. Exploitation requires user interaction, and th...
CVE-2017-13284
CVE-2017-13284 affects Android (Android 6.0 to 8.1). It is caused by improper input validation in config_set_string of config.cc, allowing a second Bluetooth keyboard to be paired without user approval, leading to remote elevation of privilege with no user interaction required. The Android bullet...
CVE-2017-13294
CVE-2017-13294 is an information-disclosure vulnerability affecting Android’s framework (aosp email application). Affected Android versions span 6.0–8.1 (6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1). The Pixel/Nexus security bulletin groups CVE-2017-13294 under Framework with Updated AOSP versions 6....
CVE-2017-13300
CVE-2017-13300 is a DoS in Android's media framework (libhevc) affecting Android 6.0 and 6.0.1. The cited sources (NVD entry and Pixel bulletin) confirm a DoS in the libhevc decoder component; the Android 6.x devices (Pixel/Nexus) are specifically listed. The Pixel security bulletin assigns this ...
CVE-2017-13302
Concrete details for CVE-2017-13302 indicate a DoS in Android 8.0's System UI. Affected product: Android (System UI component) on Pixel/Nexus devices. The vulnerability is a denial of service (DoS) in System UI, with the Android Pixel/Nexus security bulletin noting patches at the 2018-04-05 patch...
CVE-2017-13304
CVE-2017-13304 describes an information disclosure vulnerability in the Upstream kernel mnh_sm driver affecting Android kernels (notably on Pixel/Nexus devices). The connected CNVD entry explicitly states that the vulnerability exists in the kernel mnh_sm driver and that an attacker can obtain in...
CVE-2017-13315
CVE-2017-13315 involves an Elevation of Privilege in Android’s DcParamObject.java (writeToParcel/createFromParcel) that bypasses permissions to start an activity with system privileges without extra execution privileges. Affected component: Android System (DcParamObject parceling code). Impact to...
CVE-2017-15836
Summary: CVE-2017-15836 describes a potential integer overflow leading to a buffer overflow in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernels before 2018-04-05, triggered when the firmware sends a service ready event containing a very large value for n...
CVE-2017-15843
CVE-2017-15843 describes a race condition in the Qualcomm bus driver, specifically msm_bus_floor_vote_context(), which can lead to a double-free in CAF Android-for-MSM builds on Linux kernels. The vulnerability affects Android releases that use the affected bus driver; CVSS data indicates Local a...
CVE-2017-18653
CVE-2017-18653 affects Samsung mobile devices running KK (4.4), L (5.0/5.1), M (6.0), and N (7.x). The Email application is vulnerable to an attack via a broadcasted intent that allows an attacker to send emails on behalf of any user. The issue is identified by Samsung as SVE-2017-9357 (Sept 2017...
CVE-2017-18654
CVE-2017-18654 affects Samsung mobile devices on M (6.0) and N (7.0/7.1). The vulnerability allows an unauthenticated attacker to register a new security certificate. The provided documents do not specify the affected component, root cause details, or a concrete remediation/patch version. Connect...
CVE-2017-18659
CVE-2017-18659 affects Samsung mobile devices running KK (4.4), L (5.0/5.1), M (6.0), and N (7.x). Multiple sources (NVD entry and Red Hat advisory) describe an issue where attackers can crash system processes by sending a broadcast to AdaptiveDisplayColorService. The vulnerability is device/syst...
CVE-2017-18662
CVE-2017-18662 affects Samsung mobile devices running M (6.0) and N (7.x). The issue occurs when data outside the rkp log buffer boundary is read, leading to an information leak. Connected sources corroborate a Samsung-specific vulnerability (SVE-2017-9109). The Red Hat and CVE records align on t...
CVE-2017-18670
CVE-2017-18670 affects Samsung mobile devices running KK(4.4), L(5.0/5.1) and M(6.0). The issue arises from android.intent.action.SIOP_LEVEL_CHANGED, which allows a serializable intent to trigger a reboot. Root cause and exact impact are stated in Red Hat/NVD entries and related records as a vuln...
CVE-2017-18671
The CVE affects Samsung mobile devices running Android L/M/N. Root cause: Wi‑Fi related intents with incorrect exception handling. Consequence: crash of system processes. No exploitation details are provided in the documents. Samsung lists a security update reference (SVE-2017-8389) as context fo...
CVE-2017-18680
CVE-2017-18680 concerns Samsung mobile devices running Lollipop (5.0/5.1) and Marshmallow (6.0) tablets. The issue arises from the lockscreen, where the Add User action can be exploited to access user data stored in external storage. Root cause and affected scope are tied to the lockscreen UI all...
CVE-2017-18687
Technical details (affected product/version, root cause, impact, or fixes) are not publicly provided in the connected documents. Monitor for updates; current sources summarize the issue but do not offer actionable specifics.
CVE-2017-6249
CVE-2017-6249 is an elevation-of-privilege issue affecting NVIDIA’s Tegra kernel audio driver (Audio DSP) on Android. The NVIDIA bulletin specifies that an invalid user parameter may be copied to an output buffer without checking input size, which can allow a local malicious app to execute arbitr...
CVE-2017-6258
CVE-2017-6258 describes an elevation-of-privilege vulnerability in NVIDIA libnvmmlite_audio.so when running in the Android media server. The issue may cause an out-of-bounds write and could lead to local code execution in a privileged process. Affected product is Android; remediation is tied to A...
CVE-2017-6288
CVE-2017-6288 affects NVIDIA libnvrm in Android. It describes an out-of-bounds read caused by a missing bounds check, enabling local information disclosure. The issue is identified as a Information Disclosure/DoS-like risk on Android devices (Pixel/Nexus contexts cited) with a reported MEDIUM bas...
CVE-2017-6421
CVE-2017-6421 describes an elevation-of-privilege vulnerability in the Qualcomm MStar touchscreen driver affecting Qualcomm-based Android devices. The issue arises in the touch controller function where a variable is user-controlled, enabling a buffer overflow. Public details indicate the vulnera...
CVE-2017-7366
CVE-2017-7366 affects Android devices using CAF Linux kernel with KGSL kernel graphics guest library: a KGSL ioctl fails to validate all parameters, enabling an elevation of privilege within the GPU driver. The vulnerability is listed under Qualcomm components in the 2017-06-05 Android bulletin; ...
CVE-2017-7371
CVE-2017-7371 affects Android CAF devices using the Linux kernel with SLIMbus when Bluetooth is active. Root cause: a data pointer may be used after being freed when SLIMbus is turned off via Bluetooth, leading to memory corruption and potential local impact. Affected component: Qualcomm/Bluetoot...
CVE-2017-8234
CVE-2017-8234 affects Android devices using CAF with the Linux kernel, where an out-of-bounds access in a camera driver function can potentially occur. Connected sources identify the issue within camera-related components, notably Qualcomm camera driver entries in the 2017 Android security bullet...
CVE-2017-8241
Technical details about CVE-2017-8241 are not publicly provided in the connected documents. The materials here only reiterate a buffer overflow in a WLAN function due to an incorrect message length. Monitor for official updates and patches.
CVE-2017-8281
CVE-2017-8281 is reported as a race condition in Qualcomm CAF Android builds using the Linux kernel, affecting the DCI driver and allowing access to memory that has already been freed during event status queries. Connected sources identify the affected component as the DCI driver in Qualcomm auto...
CVE-2017-9696
CVE-2017-9696 involves a buffer over-read in the Qualcomm MSM camera driver (msm_isp_stop_stats_stream) affecting Android variants built for MSM, Firefox OS for MSM, and QRD Android with CAF Linux kernels. The problem stems from not validating userspace-supplied stream_cfg_cmd->num_streams aga...
CVE-2018-21069
CVE-2018-21069 affects Samsung mobile devices running N(7.x) with MediaTek chipsets. The issue is an information disclosure of kernel stack memory in a MediaTek driver. Samsung reference ID SVE-2018-11852 (July 2018). Connected sources corroborate the vulnerability but do not provide exploit deta...
CVE-2018-9344
The CVE-2018-9344 entry describes a use-after-free in DescramblerImpl.cpp caused by improper locking, enabling local privilege escalation with no extra privileges and no user interaction. Connected sources associate this issue with Android’s Media framework and list affected context in the Androi...
CVE-2018-9359
CVE-2018-9359 describes an out-of-bounds read in Android’s L2CAP handling (process_l2cap_cmd in l2c_main.cc) that could lead to remote information disclosure without prior privileges or user interaction. Affected products span Android 6.0 through 8.1 (Android-6.0/6.0.1, 7.0/7.1.x, 8.0, 8.1). The ...