334 matches found
CVE-2015-9024
CVE-2015-9024 concerns Android CAF builds: in all CAF Android releases that use the Linux kernel, certain interfaces were improperly exposed to QTEE applications. The connected documents do not provide a specific affected product/version beyond this CAF/Linux-kernel context, nor do they describe ...
CVE-2015-9028
CVE-2015-9028 describes a buffer overflow in a cryptographic routine used by CAF Android builds that use the Linux kernel. The vulnerability is limited to Android CAF releases and is exploitable locally with user interaction required; the CVSS vectors indicate a HIGH impact on confidentiality, in...
CVE-2015-9031
CVE-2015-9031 arises in all Android CAF builds that use the Linux kernel, where a TZ memory address is exposed to the high-level OS (HLOS) by the HDCP component. The root cause is a leakage of a TZ memory address, enabling information disclosure within the system. The available documents do not s...
CVE-2016-10340
CVE-2016-10340 affects CAF Android releases that use the Linux kernel, with an issue described as an integer underflow in a syscall handler that leads to a buffer overflow. The documents provided confirm the vulnerability description but do not give specific product/vendor versions, affected kern...
CVE-2016-10390
CVE-2016-10390 corresponds to a memory‑consumption issue in Qualcomm components used in Android builds based on CAF Linux kernels. When a file is downloaded, an excessive amount of memory may be consumed, potentially impacting device stability. The vulnerability is described across multiple feeds...
CVE-2016-5853
CVE-2016-5853 affects the Qualcomm Sound/Audio driver in Android CAF builds using the Linux kernel. The root cause is a sanity check: if a length value is out of the valid range, the code prints an error but continues as if the value were correct, potentially enabling unintended behavior. The CVE...
CVE-2017-0865
CVE-2017-0865 is an elevation of privilege in the MediaTek SoC driver within Android kernel. The issue is categorized as EoP in the MediaTek SoC driver component; details across connected records confirm the affected element is the MediaTek SoC driver on Android devices (Pixel/Nexus context cited...
CVE-2017-8267
CVE-2017-8267 affects Qualcomm components in Android CAF builds using the Linux kernel. The issue is a race condition in an IOCTL handler that can lead to an integer overflow and an out-of-bounds write. Impact is described as local, with high severity in CVSS, and no explicit exploit details prov...
CVE-2017-9685
The CVE-2017-9685 entry concerns Qualcomm WLAN driver race conditions in Android CAF builds using the Linux kernel, producing a Use-After-Free condition. Affected software is Qualcomm products with CAF Android releases, where the WLAN driver’s race condition can impact confidentiality, integrity,...
CVE-2023-21327
CVE-2023-21327 relates to a side-channel information disclosure in Android’s Permission Manager, enabling an attacker to determine if an app is installed without query permissions. The vulnerability allows local information disclosure with no extra execution privileges and requires no user intera...
CVE-2023-40101
CVE-2023-40101 describes an out-of-bounds read in the collapse path of canonicalize_md.c that can disclose local information without extra privileges or user interaction. Public records in multiple sources (NVD, Red Hat, CNVD, etc.) confirm the same description. The Android 14 release notes list ...
CVE-2014-9966
CVE-2014-9966 describes a TOCTOU race condition in Android CAF Secure Display implemented in the Linux kernel used by Android. The vulnerability affects Android releases using CAF’s Linux kernel and Secure Display, with impact on confidentiality, integrity, and availability as reflected in CVSS (...
CVE-2014-9980
Technical details for CVE-2014-9980 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2015-8594
CVE-2015-8594 is a buffer over-read vulnerability reported for Qualcomm CAF Android builds using the Linux kernel, affecting Qualcomm components in the RFA-1x area. The NVD entry lists a highly severe impact (CVSSv3 base score 9.8, CRITICAL) with network attack vector and no user interaction, ind...
CVE-2015-8997
CVE-2015-8997 is described in the Connected documents as a time-of-check time-of-use race condition in the listener routine of TrustZone on Android CAF builds using the Linux kernel. The vulnerability is tied to TrustZone’s listener code, with public sources noting a TOCTOU race condition potenti...
CVE-2015-9029
CVE-2015-9029 is an Android CAF/Linux kernel vulnerability affecting the access control settings of modem memory. The issue is described as a memory-access control flaw in CAF Android releases, with a CVSS v3 base score of 7.8 (HIGH) and local attack vector requiring user interaction, impacting c...
CVE-2015-9054
Technical details for CVE-2015-9054 are not provided in the connected documents; no explicit affected products, versions, root cause, or fixes are disclosed here. Monitor for updates.
CVE-2015-9067
CVE-2015-9067 concerns Qualcomm products with Android CAF builds using the Linux kernel. The description indicates a potential compiler optimization of memset() that is addressed in these releases. The connected documents do not provide concrete technical details such as affected versions, exact ...
CVE-2015-9069
CVE-2015-9069 corresponds to a memory corruption vulnerability in Qualcomm closed‑source components used in Android CAF builds, which can lead to corruption of the Secure File System. Connected CNVD entries describe it as a Qualcomm component memory corruption vulnerability affecting Android, wit...
CVE-2016-10334
CVE-2016-10334 affects Android CAF builds using the Linux kernel; a dynamically-protected DDR region could potentially be overwritten. The available documents identify the issue and reference Android security bulletins, but do not provide specific root-cause details, affected product versions, or...
CVE-2016-10389
Technical details about CVE-2016-10389 are not publicly provided in the supplied documents; no affected product/version or remediation details are specified. Monitor for updates from official sources.
CVE-2016-5347
CVE-2016-5347 describes an information-disclosure vulnerability in Qualcomm components, specifically in the CAF Android/Linux kernel audio driver. The issue allows leakage of kernel stack data to userspace via the audio driver, affecting Qualcomm-based Android devices using CAF-released kernels. ...
CVE-2017-7373
CVE-2017-7373 affects Android CAF builds using the Linux kernel display/video driver, describing a double‑free flaw. The Android bulletin attributes EoP potential to this issue and notes patches in the 2017-06-05 security update; apply the corresponding updates to mitigate.
CVE-2017-8257
CVE-2017-8257 affects Qualcomm CAF Android devices using the Linux kernel, specifically the sde_rotator debug interface. The issue arises when multiple processes read registers and one process frees the debug buffer while another still uses it, creating a use-after-free-like condition. The NVD re...
CVE-2017-9679
CVE-2017-9679 affects Qualcomm products with Android CAF/Linux kernel. The issue arises when a userspace string is not NULL-terminated, allowing kernel memory contents to leak to system logs. This constitutes an information disclosure risk (partial confidentiality impact) as described in the vuln...
CVE-2023-21305
Technical details for CVE-2023-21305 are not publicly provided in the supplied documents. No specifics on affected products, versions, or fixes are present. Please monitor for updates.
CVE-2023-21317
CVE-2023-21317 : In Android’s ContentService, a side-channel disclosure can reveal whether an app is installed on the device without any query permissions, enabling local information disclosure with no user interaction. Affected component: ContentService/Android framework; root cause: side-channe...
CVE-2023-21320
CVE-2023-21320 concerns information disclosure via the Device Policy on Android. The issue enables an attacker to verify whether a specific admin app is registered on a device through side-channel information disclosure, resulting in local information disclosure with no additional execution privi...
CVE-2023-21368
CVE-2023-21368 affects Android’s Audio component, with a possible out-of-bounds read caused by a missing bounds check. The consequence is local information disclosure without requiring privileges; exploitation does not require user interaction. Multiple connected sources corroborate the issue, in...
CVE-2014-9962
Technical details about CVE-2014-9962 are not publicly available in the provided connected documents. The initial description notes a DRM provisioning command parsing issue in CAF Android with the Linux kernel, but no specifics on affected versions, impact, or fixes are provided. Monitor for upda...
CVE-2014-9968
CVE-2014-9968 is a buffer‑overflow in the Qualcomm UIMDIAG interface found in Qualcomm closed‑source components included with Android CAF builds using the Linux kernel. Multiple connected sources describe a vulnerable UIMDIAG path in Qualcomm components and flag the issue as a potential for arbit...
CVE-2015-0576
CVE-2015-0576 describes a buffer overflow in the HSDPA component used by Qualcomm in Android CAF/Linux kernel implementations. Connected sources corroborate a Qualcomm HSDPA buffer overflow affecting CAF-based Android releases, with CNVD noting potential arbitrary-code execution or denial of serv...
CVE-2015-1525
CVE-2015-1525 (Android prior to 5.1) targets the AudioPolicyManagerBase.cpp. The vulnerability arises when the system processes a crafted application that provides a NULL device address, allowing a denial of service (audio_policy outage). Root cause is indicated as a NULL-pointer/invalid device a...
CVE-2015-8595
Connected sources tie CVE-2015-8595 to a Qualcomm closed‑source DRM issue in Android CAF using the Linux kernel. CNVD-2017-26645 describes a buffer overflow in the digital television/digital radio DRM of the Qualcomm component, capable of enabling arbitrary code execution or DoS. The available do...
CVE-2015-9022
Technical details about CVE-2015-9022 are not provided in the supplied documents. The description notes TOCTOU race conditions in TZ APIs on CAF Android/Linux kernel; no patch version or affected components specified here. Monitor for updates.
CVE-2015-9027
CVE-2015-9027 concerns an untrusted pointer dereference in WideVine DRM within Android CAF builds that use the Linux kernel. Per the NVD entry, the issue affects WideVine DRM and is rated with a high impact (CVSSv3: 7.8, Local attack vector, user interaction required; CVSSv2: 9.3). The connected ...
CVE-2015-9040
Technical details (affected product/version, root cause, exploitability) for CVE-2015-9040 are not publicly provided in the connected documents; monitor for updates.
CVE-2015-9042
Technical details about CVE-2015-9042 are not publicly available in the connected documents. The description notes a buffer overflow in Qualcomm CAF Android/Linux QMI processing, but no specific fixes or affected versions are provided here; monitor for updates.
CVE-2015-9061
The connected CNVD entry (CNVD-2017-26846) describes CVE-2015-9061 as a vulnerability in Android’s Qualcomm closed‑source components, where the PlayReady DRM fails to detect length, enabling unauthorized access to secure memory. Affected software is the Qualcomm closed‑source component used withi...
CVE-2015-9064
CVE-2015-9064 affects Qualcomm components used in Android CAF builds on the Linux kernel. The issue enables a UE to send its IMEI or IMEISV to the network in response to a network request before NAS security is activated. This vulnerability is described consistently across multiple sources (NVD/N...
CVE-2015-9066
CVE-2015-9066 describes a buffer overflow in the Inter-RAT procedure affecting Qualcomm components in Android CAF builds using the Linux kernel. Public sources flag it as a high-severity issue with potential remote code execution (CVSS ~9.8/10), but the provided documents do not specify affected ...
CVE-2016-10343
CVE-2016-10343 describes a memory leak in Qualcomm components across Android CAF builds when an SSL handshake failure with ClientHello rejection occurs. Affected are Qualcomm-provided, closed-source components used in Qualcomm-based Android devices; root cause is memory being leaked during the TL...
CVE-2016-10383
CVE-2016-10383 describes a TOCTOU race in Secure UI affecting Qualcomm CAF Android builds that use the Linux kernel. Affected: Qualcomm components in CAF Android/Linux kernel environments. Root cause: TOCTOU race condition in Secure UI. Impact: CVSS v3 base score 8.1 (HIGH) with high confidential...
CVE-2016-10392
CVE-2016-10392 describes a memory-leak vulnerability in Qualcomm components used in Android CAF builds that run on the Linux kernel. The flaw is attributed to a driver that can potentially leak kernel memory in all Qualcomm products with Android CAF using the Linux kernel. Connected documents con...
CVE-2016-5860
CVE-2016-5860 affects the Qualcomm sound/ audio driver stack on Android-based devices (Qualcomm MSM Android builds, Firefox OS for MSM, QRD Android). The issue occurs when a function is called with an excessively large length, triggering an integer overflow that leads to a heap buffer overflow. T...
CVE-2017-7367
CVE-2017-7367 concerns an integer underflow in the boot image processing path on Android CAF builds using the Linux kernel. The available connected documents identify this as a DoS-type issue (bootloader component) with a high-severity impact profile. The exact affected products, versions, and fi...
CVE-2017-8237
CVE-2017-8237 is a buffer overflow in CAF Android builds using the Linux kernel when loading a firmware image. Connected data indicates the issue affects Qualcomm networking driver components (QC-CR#1110522) with an Elevation of Privilege (EoP) impact rated as Moderate. No explicit exploit detail...
CVE-2017-8254
CVE-2017-8254 affects Qualcomm-based Android devices that use CAF builds with the Linux kernel. The issue is a null/invalid audio client pointer being dereferenced before it is validated, as described in the CVE entry. The documented impact in the provided sources is limited to this dereference t...
CVE-2017-8265
CVE-2017-8265: A race condition in the Qualcomm video driver (CAF Android builds on Linux kernel) can cause a double free. This is a local issue affecting the video subsystem with potential impact to confidentiality, integrity, and availability as per CVSS metrics, but exploitation status and exa...
CVE-2017-9680
CVE-2017-9680 affects Qualcomm components used in Android CAF builds running the Linux kernel. The issue occurs when a pointer argument from userspace is invalid, and a driver may use an uninitialized structure to log an error message. The connected documents confirm the affected stack is Qualcom...