334 matches found
CVE-2023-21321
CVE-2023-21321 affects Android's Package Manager, enabling cross-user information disclosure due to a missing permission check. The vulnerability allows local information disclosure with no privileges and no user interaction required. The connected sources list this CVE as part of Android 14 secu...
CVE-2023-21379
CVE-2023-21379 (Android Bluetooth information disclosure) is described as a Bluetooth vulnerability with an out-of-bounds read caused by a missing bounds check, enabling local information disclosure. The issue affects Bluetooth handling on Android, requiring System privileges for exploitation, wi...
CVE-2014-9969
CVE-2014-9969 concerns Qualcomm GPS client cryptography on Android CAF builds using the Linux kernel, where the GPS client may use an insecure cryptographic algorithm. Connected documents corroborate this description (Android/Qualcomm stack). The provided sources do not include concrete patch ver...
CVE-2015-1529
The CVE-2015-1529 entry corresponds to an integer overflow in Android’s soundtrigger subsystem, specifically in soundtrigger/ISoundTriggerHwService.cpp. This vulnerability allows a denial of service through unspecified vectors by triggering an overflow in processing within the SoundTrigger hardwa...
CVE-2015-8596
CVE-2015-8596 concerns a buffer length validation flaw in Qualcomm closed‑source malware protection components used in Android CAF builds running the Linux kernel. The root cause is missing validation of buffer lengths, described across multiple sources as a buffer overflow/length-check omission....
CVE-2016-10344
CVE-2016-10344 affects Qualcomm components in Android CAF builds using the Linux kernel, where an out-of-range pointer offset in LTE could be exploited. The entry lists a high-severity impact (CVSS v3 base score 9.8, CRITICAL) with attack vector Network and no user interaction, but the provided d...
CVE-2016-5854
CVE-2016-5854 involves a kernel information disclosure in Qualcomm SPCom driver components across Android for MSM, Firefox OS for MSM, and QRD Android. The underlying issue is that kernel heap memory can be exposed to userspace, enabling local information disclosure. Public documents list the aff...
CVE-2016-5864
CVE-2016-5864 affects Qualcomm sound driver components used in Android for MSM, Firefox OS for MSM, and QRD Android. The issue stems from user-supplied parameters that can trigger integer overflow, potentially followed by a buffer overflow, and a separate lower-bound check omission that may cause...
CVE-2017-0843
CVE-2017-0843 is a local elevation-of-privilege vulnerability in MediaTek’s CCCI component within the Android kernel. The NVD entry characterizes it as EoP with high impact (confidentiality, integrity, and availability all affected) and local attack vector with no user interaction. The vulnerabil...
CVE-2017-7371
CVE-2017-7371 affects Android CAF devices using the Linux kernel with SLIMbus when Bluetooth is active. Root cause: a data pointer may be used after being freed when SLIMbus is turned off via Bluetooth, leading to memory corruption and potential local impact. Affected component: Qualcomm/Bluetoot...
CVE-2017-8241
Technical details about CVE-2017-8241 are not publicly provided in the connected documents. The materials here only reiterate a buffer overflow in a WLAN function due to an incorrect message length. Monitor for official updates and patches.
CVE-2023-21295
CVE-2023-21295 affects Google Android’s SliceManagerService. The root cause is a missing null check in the content provider check, enabling local information disclosure without additional privileges and with no user interaction required. Connected sources (e.g., Red Hat, CNVD, NVD, CNNVD, and And...
CVE-2023-21310
CVE-2023-21310 affects Android Bluetooth, described as an out-of-bounds write caused by a heap buffer overflow in the Bluetooth component. The vulnerability allows local elevation of privilege with System execution privileges and does not require user interaction. The provided documents confirm t...
CVE-2023-21378
CVE-2023-21378 : In Telecomm, a missing permission check enables silencing the ring for calls of secondary users, causing a local elevation of privilege with no additional execution privileges needed. Exploitation does not require user interaction. CVSSv3.1 base score is 7.8 (High), with local at...
CVE-2023-21388
CVE-2023-21388 affects Google Android, specifically the Settings component, where a missing permission check can enable a local escalation of privilege without extra execution privileges or user interaction. The vulnerability is categorized as EoP with a high impact on confidentiality, integrity,...
CVE-2013-6792
Google Android prior to 4.4 contains an APK Signature Security Bypass vulnerability. The issue is cited across multiple sources (NVD entry CVE-2013-6792, Red Hat advisory, CVE listings) and is associated with a signature bypass in APK handling. The CIRCL feed notes an exploit entry, indicating ex...
CVE-2014-9411
CVE-2014-9411 concerns a Qualcomm/CAF Android stack issue: in CAF Android releases using the Linux kernel, an out-of-range pointer offset in rollback protection could be triggered. The vulnerability affects Qualcomm components within Android devices and is described as an out-of-range pointer off...
CVE-2014-9935
CVE-2014-9935 describes an integer overflow in TrustZone that could lead to a buffer overflow in a DRM routine across CAF Android releases using the Linux kernel. The root cause is an overflow in TrustZone handling within DRM code, enabling potential memory corruption in affected devices. Public ...
CVE-2015-8996
CVE-2015-8996 describes a time-of-check time-of-use race condition in a TrustZone QFPROM routine affecting Android builds from CAF using the Linux kernel. The issue centers on the TrustZone protected QFPROM path; the root cause is a TOCTOU race in the QFPROM routine, potentially enabling incorrec...
CVE-2015-9063
CVE-2015-9063 : Technical details are not publicly provided in the supplied documents. Monitor for updates from official advisories; there are currently no concrete details on affected products, impact, or remediation in this source set.
CVE-2016-10387
CVE-2016-10387 concerns Qualcomm CAF Android devices using the Linux kernel, where an assertion could be reachable during a handover. The CVSS3/3.0 score is 9.8 (CRITICAL) with high impact to confidentiality, integrity, and availability, indicating severe risk if exploitable. The provided Connect...
CVE-2016-5867
CVE-2016-5867 affects the Qualcomm sound driver in Android MSM (kernel sound subsystem). The root cause is that some variables originate from userspace and can be chosen to trigger a stack overflow, potentially enabling local impact. The initial description notes a stack overflow risk; CVSS3/2 me...
CVE-2017-0862
CVE-2017-0862 is an elevation of privilege in the Android upstream kernel (Kernel component). The connected records consistently describe it as a Kernel EoP issue affecting the Android kernel; no specific vulnerable version ranges or fixed versions are provided in the supplied documents. The mate...
CVE-2017-6421
CVE-2017-6421 describes an elevation-of-privilege vulnerability in the Qualcomm MStar touchscreen driver affecting Qualcomm-based Android devices. The issue arises in the touch controller function where a variable is user-controlled, enabling a buffer overflow. Public details indicate the vulnera...
CVE-2023-21293
CVE-2023-21293 affects Android’s PackageManagerNative, enabling a side‑channel check to determine if an app is installed without query permissions. Impact: potential information disclosure leading to local elevation of privilege, with no extra execution privileges and no user interaction required...
CVE-2023-21297
CVE-2023-21297 affects SEPolicy in Android, enabling a permissions bypass to access the factory MAC address. This can cause local information disclosure with System execution privileges required and does not require user interaction. The connected Red Hat, CNVD, and other sources reiterate the sa...
CVE-2023-21329
CVE-2023-21329 describes an information disclosure in Android's Activity Manager caused by a missing permission check, enabling local access to whether an app is installed without user interaction. The Android 14 security release notes list this CVE under Framework with a Moderate severity and in...
CVE-2023-21333
CVE-2023-21333 describes an information-disclosure flaw in Android’s Text Services where an attacker can determine if an app is installed via side-channel information disclosure. This can lead to local information leakage with no additional privileges and without user interaction. Connected docum...
CVE-2014-9937
CVE-2014-9937: Concrete detail from connected sources shows a buffer overflow in TrustZone’s DRM routine in Android, applicable across CAF Linux kernel builds. The vulnerability could allow an attacker to execute arbitrary code or cause a denial of service within TrustZone DRM, via a vulnerabilit...
CVE-2014-9967
CVE-2014-9967 describes an untrusted pointer dereference in the WideVine DRM component used by Android CAF builds that run on the Linux kernel. The vulnerability is located in WideVine DRM (a media/content protection feature) and is triggered by dereferencing an untrusted pointer, leading to pote...
CVE-2014-9971
CVE-2014-9971 affects Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability arises when asserts are disabled, causing an instruction inside an assert to be skipped and enabling incorrect control flow. NVD lists a CVSSv3 base score of 9.8 (CRITICAL) with NETWORK attac...
CVE-2014-9975
CVE-2014-9975 describes a rollback vulnerability in the Full Disk Encryption (FDE) component affecting Qualcomm closed‑source code used in Android CAF/Linux kernel builds. The issue is documented across multiple sources (NVD/CVE pages) as related to Qualcomm FDE, with a high‑severity impact profi...
CVE-2015-9000
Technical details about CVE-2015-9000 are not publicly available in the provided Connected documents; the description only states a TrustZone untrusted pointer dereference in a DRM routine across CAF Android kernel releases.
CVE-2015-9001
Technical details, affected components, and remediation for CVE-2015-9001 are not publicly provided in the connected documents. Monitor updates from NVD/Android sources.
CVE-2015-9026
CVE-2015-9026 affects WideVine DRM in Android CAF when running the Linux kernel. The connected documents describe an untrusted pointer dereference vulnerability in WideVine DRM (Android/CAF) with high impact potential. The Android Security Bulletin for 2017-06-01/06-05 indicates patches exist in ...
CVE-2015-9032
CVE-2015-9032: In CAF Android releases using the Linux kernel, a DRM key was exposed to QTEE applications, enabling information disclosure of DRM secrets. The description does not provide remediation details or explicit root-cause fixes in the supplied documents.
CVE-2015-9071
CVE-2015-9071 describes a buffer over-read in a TrustZone syscall present in all Qualcomm products with Android CAF builds using the Linux kernel. The vulnerability affects Qualcomm components integrated in Android and is triggered via a TrustZone interface, enabling a high-impact condition consi...
CVE-2015-9073
CVE-2015-9073 : Concrete details available across sources show a vulnerability in Qualcomm components within Android CAF builds using the Linux kernel, where an untrusted pointer could be dereferenced in a TrustZone syscall. The issue affects Qualcomm’s closed-source/TrustZone pathway inside Andr...
CVE-2016-10332
CVE-2016-10332 : Affects Android builds from CAF using the Linux kernel where stack protection was not enabled for secure applications. The available description specifies the missing stack-protection bit but provides no details on affected products/versions beyond “Android releases from CAF usin...
CVE-2016-10335
CVE-2016-10335 involves Android CAF builds; connected documents indicate that the Linux kernel usage within CAF Android releases involves an update to libtomcrypt. The available sources do not provide explicit vulnerability details, affected vendor/product version ranges, root cause analysis, exp...
CVE-2016-10338
Technical details about CVE-2016-10338 are not publicly provided in the connected documents. The available descriptions simply note an RPMB processing issue in CAF Android kernels. Monitor for updates; no specifics on impact, affected versions, or fixes are provided.
CVE-2016-10386
CVE-2016-10386 describes an array index out of bounds vulnerability in LPP within Qualcomm CAF Android/Linux kernel components. Public docs confirm the issue affects Qualcomm-labeled CAF Linux kernel code and characterize it as an out-of-bounds condition in LPP, with high-severity impact (per CVS...
CVE-2016-5859
CVE-2016-5859 involves a vulnerability in the Qualcomm sound driver across Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when a function is called with a very large length, triggering an integer overflow that is followed by a buffer overflow. The description identifies me...
CVE-2017-7366
CVE-2017-7366 affects Android devices using CAF Linux kernel with KGSL kernel graphics guest library: a KGSL ioctl fails to validate all parameters, enabling an elevation of privilege within the GPU driver. The vulnerability is listed under Qualcomm components in the 2017-06-05 Android bulletin; ...
CVE-2017-8239
CVE-2017-8239 is an information-disclosure issue in the Camera driver on Android devices (Qualcomm components) listed under the 2017 Pixel/Nexus bulletin. The vulnerability is categorized as ID with moderate severity in the camera driver, with no exploitation details provided in the available doc...
CVE-2023-21325
Technical details about CVE-2023-21325 are not publicly available in the provided connected documents. No concrete information on affected products, versions, or fixes is present. Monitor for updates.
CVE-2023-21337
CVE-2023-21337 affects the Android InputMethod component and describes an information-disclosure side channel that can reveal whether an app is installed. This leads to local elevation of privilege with no extra execution privileges and no required user interaction, per the description in the NVD...
CVE-2023-21346
CVE-2023-21346 is listed in Android 14 security release notes under Framework with Type ID and Moderate severity. The initial description indicates a local information-disclosure via Device Idle Controller side-channel (no user interaction required). Connected notes confirm framework-level classi...
CVE-2014-9960
CVE-2014-9960 is a documented buffer‑overflow vulnerability in the PlayReady API present in Android releases from CAF using the Linux kernel. The issue affects the PlayReady API component (buffer overflow in PlayReady) and is supported by multiple entries (NVD, CNVD, CVELIST, PRION, etc.). The CV...
CVE-2014-9973
CVE-2014-9973 describes a buffer-length validation flaw in the PlayReady DRM routine within Qualcomm closed‑source components used in Qualcomm/CAF Android builds on the Linux kernel. The underlying issue is missing validation of buffer length in the DRM pathway, which could enable a remote attack...