334 matches found
CVE-2015-8593
CVE-2015-8593 describes a buffer overflow in the 1x call processing of Qualcomm components used in Android CAF releases running the Linux kernel. The entry indicates a high-severity issue (CVSSv3: 9.8, CRITICAL) with network access, no user interaction, and no privileges required, potentially imp...
CVE-2016-10391
CVE-2016-10391 affects Qualcomm Wconnect in Android CAF builds using the Linux kernel. The root cause is insufficient validation of HCI command length, enabling a remote attacker to trigger unauthorized operations. CVSSv3 is reported as 9.8 (CRITICAL). The issue is discussed in multiple sources; ...
CVE-2016-5346
CVE-2016-5346 affects Google Pixel/Pixel XL via the Qualcomm Avtimer driver. It is a NULL pointer dereference when processing an accept() call on AF_MSM_IPC sockets in a user process, enabling a local attacker to disclose sensitive information. The available documents confirm local information di...
CVE-2017-8266
CVE-2017-8266 describes a race condition in the Qualcomm video driver used in CAF Android/Linux kernel variants, potentially leading to a use-after-free. Affected component: video driver within Qualcomm/CAF/Linux kernel stack. Impact details in the CVE notes indicate a partial impact on confident...
CVE-2014-9981
CVE-2014-9981 is reported as a Qualcomm component issue. The connected data indicate a buffer/overflow concern in the USB interface during boot for Qualcomm components used in Android CAF builds running the Linux kernel. The root cause is described as an insufficient overflow check in the USB int...
CVE-2015-8999
CVE-2015-8999: The vulnerability is described as a TrustZone buffer overflow that can occur in Android CAF builds when loading an ELF file. Connected sources corroborate a TrustZone buffer overflow in Android’s TrustZone component with potential for arbitrary code execution or denial of service, ...
CVE-2017-7369
CVE-2017-7369 affects Android CAF builds using the Linux kernel. The vulnerability stems from an array index in an ALSA routine not properly validating input, which can potentially lead to kernel stack corruption. Public details in the provided documents describe the root cause and impact but do ...
CVE-2017-7370
CVE-2017-7370 is listed in connected sources as a Qualcomm video driver vulnerability (Video driver) causing an elevation of privilege (EoP) with Moderate severity. The detail consistently attributes the flaw to a race condition in the video driver within Android CAF/Linux kernel deployments. No ...
CVE-2017-8262
CVE-2017-8262 is documented in multiple sources as a use-after-free race condition in Qualcomm components (GPU driver) within CAF Android Linux-kernel builds. Affected software is Qualcomm’s GPU driver stack integrated in CAF Android releases; root cause described as a race in memory allocation/f...
CVE-2017-8270
Technical details about CVE-2017-8270 are not publicly provided in the connected documents. The available sources only reiterate a race condition in Qualcomm CAF/Linux kernel driver; monitor for updates and disclosures.
CVE-2023-21306
CVE-2023-21306 affects Android’s ContentService, enabling local information disclosure by reading installed sync content providers via a side-channel. The vulnerability description states no additional execution privileges and no user interaction are required. The available sources (CVE entry and...
CVE-2023-21334
CVE-2023-21334 affects Android's App Ops Service. A logic error allows an attacker with local access to disclose information about installed packages without requiring extra execution privileges or user interaction. The vulnerability is documented across multiple sources (NVD/Red Hat/CNNVD) with ...
CVE-2023-21347
CVE-2023-21347 is a Bluetooth information-disclosure vulnerability caused by a missing bounds check that enables a remote read of memory without user interaction. The initial and related records consistently describe an out-of-bounds read leading to potential information disclosure with no extra ...
CVE-2023-21396
CVE-2023-21396 affects Android’s Activity Manager (System component) with a logic error that can cause a background activity to launch, enabling local escalation of privilege. Under the Android 14 release notes, this is categorized as EoP (Moderate) in the System group. The description explicitly...
CVE-2014-9936
CVE-2014-9936 describes a time-of-check time-of-use race condition in TrustZone used during authentication on Android devices that use CAF/Linux kernel. Connected sources indicate the issue affects Android releases prior to 7.0 in TrustZone authentication routines, implying a potential impact to ...
CVE-2015-8995
CVE-2015-8995 describes an integer overflow vulnerability in TrustZone that could affect all Android releases from CAF using the Linux kernel. The connected NVD entry attributes this to the TrustZone component, noting potential impacts to confidentiality, integrity, and availability (CVSS base me...
CVE-2015-9002
This CVE concerns Google Android TrustZone, where a DRM routine in the TrustZone DRM path can suffer an out-of-range pointer offset (integer overflow) vulnerability. Connected CNVD entry explicitly states an integer overflow in the TrustZone DRM routine exists on Android, and that an attacker cou...
CVE-2016-10336
Technical details about CVE-2016-10336 are not publicly available in the provided connected documents. The material confirms memory regions unprotected during boot on CAF Android/Linux, but remediation specifics are not included here. Monitor for updates.
CVE-2016-10342
CVE-2016-10342 is a buffer overflow in an Android CAF Linux kernel syscall handler. Attack requires local access and user interaction, with potential for high impact (admin privileges) per CVSS data. Affected: Android CAF builds using the Linux kernel; exploit details are not provided in the link...
CVE-2016-10388
Technical details about CVE-2016-10388 are not publicly provided in the connected documents. Monitor for updates.
CVE-2016-5861
CVE-2016-5861 affects Qualcomm display/video driver in Android for MSM. The vulnerability arises when a userspace-controlled variable is used to compute offsets/sizes for copy operations, potentially causing a heap overflow. The connected documents classify this as an Elevation of Privilege (EoP)...
CVE-2017-8261
CVE-2017-8261 is a Qualcomm component issue affecting the Camera driver in CAF Android builds using the Linux kernel. The root cause is a potential kernel overwrite in a camera driver ioctl, enabling Elevation of Privilege rather than remote code execution. The vulnerability is classified as EoP ...
CVE-2017-9678
CVE-2017-9678 affects Qualcomm’s video driver in Android CAF builds on Linux kernel. The issue is memory corruption due to lack of bounds checking in memcpy(), enabling local exploitation with user interaction. CVSS v3.0 base score 7.8 (HIGH) with LOCAL exploit and HIGH impact on confidentiality,...
CVE-2019-9468
The CVE-2019-9468 issue affects Android 10 and is caused by a double free in export_key_der inside export_key.cpp, leading to memory corruption and local privilege escalation without user interaction. The vulnerability is categorized as EoP with high impact, as reflected in the Pixel Update Bulle...
CVE-2023-21324
CVE-2023-21324 is listed in Android 14 release notes under the Framework section as an elevation-of-privilege (EoP) vulnerability with moderate severity. The exact affected packages/versions are not detailed in the provided sources, but the Android bulletin states these issues are fixed in Androi...
CVE-2023-21335
CVE-2023-21335 affects Android, describing a side-channel in Settings that allows determining if an app is installed without query permissions. The vulnerability enables local information disclosure with no extra privileges and no user interaction required. Connected sources (RH security advisory...
CVE-2015-0575
CVE-2015-0575 describes an insecure-cipher-suite issue in Qualcomm components used in Android builds (CAF Linux kernel). The connected CNVD-2017-26831 entry explicitly attributes the vulnerability to the Qualcomm closed‑source component in Android, arising from insecure default cipher configurati...
CVE-2015-9041
CVE-2015-9041 is a buffer overflow vulnerability in Qualcomm closed‑source components used in Android CAF builds based on the Linux kernel, triggered during WCDMA radio tuning. Public sources (NVD/CNVD) describe a buffer overflow in the Qualcomm component within Android, with potential for arbitr...
CVE-2015-9065
CVE-2015-9065 concerns Qualcomm products with CAF Android releases using the Linux kernel, where a UE may respond to a UEInformationRequest before Access Stratum security is established. The provided sources describe the issue but do not specify exact affected models, versions, or a vendor patch/...
CVE-2016-10339
CVE-2016-10339 affects CAF Android builds using the Linux kernel. The issue allows HLOS to overwrite secure memory or read the keystore contents. Details across sources indicate the vulnerability impacts Android devices in CAF releases and were addressed in the 2017 Android security patches (June...
CVE-2017-7368
CVE-2017-7368 affects Android releases from CAF that use the Linux kernel. The issue is a race condition in the ioctl handler of a sound driver, identified as the root cause in the description. The access vector is local, with user interaction required, and the impact is described as high for con...
CVE-2017-9682
CVE-2017-9682 affects the Qualcomm KGSL GPU driver in Android CAF builds on Linux kernel. Description: a race condition between two KGSL driver functions can cause a Use After Free. Exploitation details are not provided in the connected documents. Mitigation: Android security bulletin patches (Au...
CVE-2023-21296
CVE-2023-21296 corresponds to an information-disclosure flaw in Android’s permission side-channel that can reveal whether an app is installed, enabling local escalation of privilege with no extra execution privileges required. Exploitation requires user interaction. Android 14 patch release notes...
CVE-2023-21302
CVE-2023-21302 affects Android’s Package Manager. The issue is a side-channel information disclosure that lets an attacker determine whether an app is installed without query permissions, leading to local information disclosure without any execution privileges. Exploitation details are not provid...
CVE-2023-21328
Technical details about CVE-2023-21328 (affected product/version, root cause, or fixes) are not publicly provided in the connected documents. Monitor for updates and future disclosures.
CVE-2023-21348
The CVE-2023-21348 entry concerns Android Window Manager side-channel leakage that allows an app to be detected as installed without query permissions, causing local information disclosure. Connected sources corroborate the issue as an information-disclosure vulnerability (Framework category) wit...
CVE-2023-21381
CVE-2023-21381 is an Android vulnerability reported across multiple sources, with concrete details indicating a local use-after-free in the Media Resource Manager that enables possible local arbitrary code execution and local escalation of privilege without user interaction. The Android 14 releas...
CVE-2023-45780
CVE-2023-45780 affects the Android Print Service. The issue stems from a logic error enabling a background activity launch, potentially causing local privilege escalation with no extra execution privileges required beyond user interaction. Documented impact covers confidentiality, integrity, and ...
CVE-2014-9976
Summary (MODE C): CVE-2014-9976 describes a buffer overflow in the 1x call processing path of Qualcomm components used in Android CAF builds that rely on the Linux kernel. The vulnerability is documented with a high/critical impact in CVSS metrics (network attack vector, low complexity, no privil...
CVE-2015-8998
CVE-2015-8998 describes an integer overflow in TrustZone that could potentially affect Android devices using the CAF Linux kernel. Connected sources reiterate TrustZone/CAF exposure and label it as an integer overflow inTrustZone components; no further technical specifics (affected versions, expl...
CVE-2015-9020
Technical details about CVE-2015-9020 are not publicly available in the provided documents. Monitor for updates as new information becomes available.
CVE-2015-9033
CVE-2015-9033 is an Android CAF/Linux kernel issue where a QTEE system call fails to validate a pointer. Reported as a local vulnerability with high impact (confidentiality, integrity, availability) and requiring user interaction. Public references describe the root cause as pointer validation fa...
CVE-2015-9051
CVE-2015-9051 affects Qualcomm components in Android CAF builds using the Linux kernel (LTE stack). Root cause: an assertion can be reached due to an improper bound on a length in a System Information message. Severity in the provided metrics is critical (CVSSv3 base 9.8). The connected documents...
CVE-2016-10341
Technical details about CVE-2016-10341 are not provided in the connected documents. The initial description notes elevated privileges for third-party TEEs on CAF Android/Linux kernel, but no vendor, component, version, impact, or remediation details are disclosed here. Monitor for updates.
CVE-2016-5863
Technical details about CVE-2016-5863 are not provided in the supplied documents. Public references exist (NVD, Ubuntu, SUSE, Tenable, ENISA) but no vendor/product/version/patch info is included here. Monitor for updates.
CVE-2017-7364
CVE-2017-7364 affects Qualcomm devices using CAF Android with the Linux kernel. The issue resides in __mdss_fb_copy_destscaler_data(), where ds_data[i].scale may point to a user-provided address, which can be freed on an error, causing a use-after-free condition. CVSS3 vector indicates a network-...
CVE-2017-7372
CVE-2017-7372 affects Android devices using CAF Linux kernel video drivers. The issue is a race condition in a video driver that could lead to a buffer overflow or write to an arbitrary pointer location, as described in the NVD entry. No specific affected devices, versions, exploit details, or re...
CVE-2017-8234
CVE-2017-8234 affects Android devices using CAF with the Linux kernel, where an out-of-bounds access in a camera driver function can potentially occur. Connected sources identify the issue within camera-related components, notably Qualcomm camera driver entries in the 2017 Android security bullet...
CVE-2017-8242
CVE-2017-8242 affects Android CAF releases that use the Linux kernel and involve the Secure Execution Environment (QTEE) driver. The issue is a race condition in the QTEE driver that can lead to an arbitrary memory write. The provided connected sources confirm the vulnerability description but do...
CVE-2017-9684
CVE-2017-9684 concerns a race condition in the Qualcomm USB driver used by Android CAF Linux kernels, leading to a Use-After-Free condition. The vulnerability is localized and requires user interaction to exploit, with potential high impact on confidentiality, integrity, and availability if succe...