334 matches found
CVE-2023-21298
CVE-2023-21298 is a disclosed vulnerability affecting Slice, described as a side-channel information disclosure that can lead to local privilege escalation without extra execution privileges or user interaction. Connected sources corroborate an installed-apps disclosure with local elevation of pr...
CVE-2023-21370
CVE-2023-21370 is an elevation-of-privilege flaw in the Android Security Element API. The root cause is an integer overflow that enables an out-of-bounds write, leading to local privilege escalation with System privileges. Exploitation requires no user interaction. The affected component is the S...
CVE-2015-9030
CVE-2015-9030 describes an authentication bypass in Android CAF builds that use the Linux kernel, via misused Hypervisor API. Affected: Android devices with CAF/Linux Kerenel stack; vulnerable component: Hypervisor API. Root cause: improper handling of Hypervisor API calls enabling bypass of auth...
CVE-2015-9037
Summary: CVE-2015-9037 refers to a buffer over-read/overflow in Qualcomm closed-source components used in Qualcomm-based Android devices with CAF/Linux kernel, specifically in the downlink 3G NAS message processing. The vulnerability could allow a remote attacker to execute arbitrary code or caus...
CVE-2015-9048
CVE-2015-9048 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel, where the vulnerability is in the processing of lost RTP packets due to input validation issues. The CNVD entry describes an unauthorized operation possibility as the impact. The provided documen...
CVE-2015-9053
CVE-2015-9053 describes a buffer overflow in Qualcomm-provided components used in Android CAF builds on devices with the Linux kernel, specifically in the processing of USIM responses. The vulnerability is located in Qualcomm closed-source components integrated in Android, and the issue could all...
CVE-2015-9070
CVE-2015-9070 describes a buffer over-read vulnerability in the TrustZone syscall of Qualcomm closed-source components used in Android builds (CAF Linux kernel). The issue affects Qualcomm components within Android devices that rely on CAF Linux kernels and TrustZone. The root cause is a buffer o...
CVE-2016-10333
CVE-2016-10333 affects Android builds from CAF using the Linux kernel. The available details state that a sensitive system call was allowed to be called by HLOS, indicating a potential misuse of privileged interfaces. The documents do not provide explicit impact, affected versions, or remediation...
CVE-2017-8263
CVE-2017-8263 affects Qualcomm components in Android CAF builds that use the Linux kernel. The issue is a kernel fault triggered by certain operations on a read-only user-space virtual address, with a high impact (local, high confidentiality/integrity/availability implications). Exploitation deta...
CVE-2017-8268
CVE-2017-8268 affects Qualcomm components in Android CAF builds using the Linux kernel. The camera application can request frame/command buffer operations with invalid values, causing the camera driver to perform a heap buffer over-read. Documented impact is high (CVSSv3: 7.8; CVSSv2: 9.3). The v...
CVE-2023-21372
CVE-2023-21372 concerns a vulnerability in libdexfile where a missing bounds check allows an out-of-bounds read, enabling local elevation of privilege without user interaction. The issue affects Android’s libdexfile component and is classified as a local EoP (MITRE ambiguous, but Android bulletin...
CVE-2023-21383
Technical details (affected product/version/root cause/fix) for CVE-2023-21383 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2015-8592
CVE-2015-8592 describes a vulnerability in Qualcomm closed‑source components used in Android CAF Linux builds where a reverse‑referenced pointer is not validated before dereference, potentially causing Guest‑OS memory corruption. Affected: Qualcomm components integrated into Android CAF/Linux ker...
CVE-2015-9023
The CVE-2015-9023 entry describes a buffer overflow in the PlayReady API, present in all Android releases from CAF using the Linux kernel. The vulnerability can enable a remote attacker to execute arbitrary code or cause a denial of service by exploiting the PlayReady API in affected Android comp...
CVE-2015-9044
In CVE-2015-9044, Qualcomm products with CAF Android releases using the Linux kernel have a vulnerability in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. The NVD metrics indicate a CRITICAL impact (Network, No privileges, No user interaction) wit...
CVE-2015-9068
CVE-2015-9068 affects Qualcomm products with Android CAF builds using the Linux kernel. The root cause is improper validation of an argument to a mink syscall, as described in the CVE description. The entry is mapped to a highly critical impact profile (network attack vector, no user interaction,...
CVE-2015-9072
CVE-2015-9072 is described as an untrusted pointer dereference in a Qualcomm TrustZone syscall affecting Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is rated with high/critical impact in CVSS terms (network access, no auth, user interaction not required; co...
CVE-2016-10380
CVE-2016-10380 affects Qualcomm components in Android CAF builds and relates to an information disclosure where the UE can send unprotected MeasurementReports that reveal UE location. Affected environment is Qualcomm-based Android devices using CAF with the Linux kernel. The underlying issue is i...
CVE-2016-5871
CVE-2016-5871 is a buffer overflow due to an integer overflow in Qualcomm CAF Android builds using the Linux kernel when loading an image file. The NVD entry assigns a CVSSv3 base score of 9.8 (CRITICAL, Network attack, no user interaction) with impact to confidentiality, integrity, and availabil...
CVE-2017-0864
CVE-2017-0864 is an elevation-of-privilege vulnerability in MediaTek ioctl (flashlight) exposed on Android kernels. Connected sources confirm the issue affects MediaTek ioctl flashlight within the Android kernel, enabling an attacker to gain elevated privileges. The CNVD entry explicitly describe...
CVE-2017-7365
CVE-2017-7365 is a Qualcomm bootloader elevation-of-privilege issue disclosed in the Android 2017-06-05 bulletin. It is listed as EoP (High) for the Bootloader component; exploitation would yield higher privileges within the kernel/boot context. Patches are provided via Qualcomm AMSS bulletins an...
CVE-2017-8243
CVE-2017-8243 is documented with concrete details in connected sources: it affects Qualcomm components, specifically the SoC driver, categorized as Elevation of Privilege (EoP) with a Moderate impact. The root cause is a buffer overflow that can occur when processing a firmware image file. Public...
CVE-2017-8256
CVE-2017-8256 affects Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is an array bounds issue that can occur when userspace sends more than 16 multicast addresses, potentially enabling memory corruption within the kernel. The NVD entry lists CVSS2/3 base score...
CVE-2019-20606
CVE-2019-20606 affects Samsung mobile devices with software prior to May 2019. A phishing attack against the OMACP service can change network and internet settings (Samsung ID SVE-2019-14073). The NVD entries show CVSSv3.1 base score 9.3 (NETWORK, UI REQUIRED, I:H, A:H) and CVSSv2.0 base 5.8 (I:P...
CVE-2023-21339
CVE-2023-21339: Affects Minikin in Android. The vulnerability enables triggering an ANR through a malicious message, caused by resource exhaustion, leading to remote Denial of Service with no additional privileges and no user interaction required. Public details specify the issue but do not provi...
CVE-2023-21340
The CVE-2023-21340 entry describes an information-disclosure vulnerability in the Telecomm component of Android, caused by a missing permission check that allows local access to the call state without extra privileges or user interaction. Exploitation is local and does not require user action; CV...
CVE-2023-21371
CVE-2023-21371 affects Android’s Secure Element. The issue is an out-of-bounds write caused by an integer overflow in Secure Element code, enabling local escalation of privilege to System execution privileges without user interaction. Exploitation details are not provided in the connected documen...
CVE-2023-21380
CVE-2023-21380 is a Bluetooth heap buffer overflow in Android that can enable local elevation of privilege with SYSTEM execution when exploited without user interaction. The vulnerability is listed in Android 14 security release notes and associated with an out-of-bounds write in Bluetooth. Affec...
CVE-2014-9964
Technical details about CVE-2014-9964 (affected components, root cause, affected versions, exploitability, remediation) are not publicly provided in the connected documents. Monitor for updates from official sources (NVD, Android bulletins) for specifics.
CVE-2015-9025
CVE-2015-9025 describes a buffer overflow in the QTEE application used in CAF Android builds (Linux kernel). The underlying issue is a buffer overflow in QTEE, enabling potential arbitrary code execution on affected devices. Public references confirm the Android QTEE vulnerability and describe it...
CVE-2015-9034
Summary: CVE-2015-9034 is a buffer overflow in Qualcomm closed-source components used in Android CAF builds with the Linux kernel, caused by a SIP string not being null-terminated. This vulnerability affects Qualcomm components in Android and has a CVSS v3 base score of 9.8 (CRITICAL) with networ...
CVE-2015-9036
CVE-2015-9036 describes a memory-corruption vulnerability in Qualcomm components used in Android CAF builds (Linux kernel). The root cause is an incorrect length used when clearing a memory buffer, which can corrupt adjacent memory. Affected products are Qualcomm/CAF Android releases that rely on...
CVE-2015-9045
CVE-2015-9045 is a buffer overflow vulnerability in Qualcomm GERAN within CAF Android builds that use the Linux kernel. The flaw allows a buffer overflow while taking power measurements, impacting affected Qualcomm components. The CVSS data in the public record indicates a high to critical impact...
CVE-2015-9062
Technical details about CVE-2015-9062 are not publicly provided in the connected documents. Monitor for updates.
CVE-2016-10239
CVE-2016-10239 involves a potential bypass of the TrustZone access control policy in Android CAF builds using the Linux kernel. The description notes improper input validation that could cause an integer overflow, potentially leading to a buffer overflow and a buffer over-read. The NVD entry also...
CVE-2023-21301
CVE-2023-21301 affects Android’s ActivityManagerService and enables a local attacker to determine whether an app is installed without query permissions through a side-channel information disclosure. This could lead to local privilege escalation without additional execution privileges or user inte...
CVE-2023-21332
CVE-2023-21332 concerns Android’s Text Services, where a side-channel could reveal whether an app is installed without query permissions. This enables local information disclosure with no extra execution privileges and no user interaction required. The issue is categorized as affecting the Text S...
CVE-2014-9974
CVE-2014-9974 is described in connected records as a Qualcomm component vulnerability affecting Android CAF builds using the Linux kernel, arising from missing validation of buffer lengths in Keymaster. The CNVD-2017-26641 entry explicitly documents a buffer length validation failure in the Qualc...
CVE-2014-9979
CVE-2014-9979 affects Qualcomm products with CAF Android builds using the Linux kernel. The vulnerability is a TrustZone system call issue caused by an uninitialized variable in the kernel, potentially leading to compromise of secure memory. The available documents explicitly describe the root ca...
CVE-2015-9035
CVE-2015-9035 describes a memory-management defect in Qualcomm components used in Android CAF builds on Linux kernels, where a memory buffer is not freed after use, potentially leading to memory exhaustion. Public sources in the connected set (NVD entry, CNVD-2017-26829, CNVD/CVEs and EUVD-2015-8...
CVE-2015-9047
CVE-2015-9047 affects Qualcomm components in Android CAF builds using the Linux kernel, describing a GNSS vulnerability that occurs when a scan is performed after bootup. The CVE entry notes affected software as Qualcomm products with CAF Android releases and the GNSS subsystem, with a CVSSv3 bas...
CVE-2015-9055
Technical details for CVE-2015-9055 are not publicly provided in the connected documents. Please monitor for updates; current documents do not specify affected products, versions, root cause, or fixes beyond the high‑level description.
CVE-2016-10347
CVE-2016-10347 affects Qualcomm components in Android CAF builds using the Linux kernel; the issue is that an argument to a hypervisor function is not properly validated, enabling potential remote exploitation. The vulnerability is serious (CVSS v3 base score 9.8, CRITICAL) with network access an...
CVE-2016-10384
CVE-2016-10384 affects Qualcomm products with Android CAF builds that use the Linux kernel and involve the WLAN driver ioctl. The underlying issue is a potentially reachable assertion in the WLAN driver ioctl, as described in the CVE entry. The Android Security Bulletin (April 2018) notes securit...
CVE-2016-5855
CVE-2016-5855 affects the Qualcomm SPCom driver in Qualcomm AMSS/Android stacks. The root cause is a user‑supplied buffer being cast to a structure without validating the source buffer size, potentially leading to memory corruption or information exposure as described in the CVE entry. Connected ...
CVE-2016-5858
CVE-2016-5858: A vulnerability in the ioctl handler of Qualcomm components used in Android for MSM, Firefox OS for MSM, and QRD Android. If a user supplies a value that is too large, it can cause an out-of-bounds read, leading to potential information disclosure. The description specifies the aff...
CVE-2017-8233
CVE-2017-8233 : This vulnerability affects Android CAF camera driver code on all CAF Android releases using the Linux kernel. The issue is a missing bounds check when writing into an array, which can lead to an out-of-bounds heap write. The provided documents do not specify affected product versi...
CVE-2017-8272
CVE-2017-8272 affects Qualcomm components in Android CAF builds using the Linux kernel. In a driver function, a value supplied from userspace is not properly validated, potentially causing an out-of-bounds heap write. The vulnerability is described as a kernel-level issue with the potential for m...
CVE-2023-21299
CVE-2023-21299 affects Android’s Package Manager, allowing an attacker to determine whether an app is installed via a side‑channel information disclosure. Impact: local information disclosure without extra privileges or user interaction. The vulnerability is described in multiple sources (includi...
CVE-2023-21304
CVE-2023-21304 describes an information-disclosure flaw in Android’s Content Service that can reveal whether an app is installed without query permissions, via a side-channel. The issue allows local information leakage without extra execution privileges and does not require user interaction to ex...