334 matches found
CVE-2017-8237
CVE-2017-8237 is a buffer overflow in CAF Android builds using the Linux kernel when loading a firmware image. Connected data indicates the issue affects Qualcomm networking driver components (QC-CR#1110522) with an Elevation of Privilege (EoP) impact rated as Moderate. No explicit exploit detail...
CVE-2017-8254
CVE-2017-8254 affects Qualcomm-based Android devices that use CAF builds with the Linux kernel. The issue is a null/invalid audio client pointer being dereferenced before it is validated, as described in the CVE entry. The documented impact in the provided sources is limited to this dereference t...
CVE-2017-8265
CVE-2017-8265: A race condition in the Qualcomm video driver (CAF Android builds on Linux kernel) can cause a double free. This is a local issue affecting the video subsystem with potential impact to confidentiality, integrity, and availability as per CVSS metrics, but exploitation status and exa...
CVE-2017-9680
CVE-2017-9680 affects Qualcomm components used in Android CAF builds running the Linux kernel. The issue occurs when a pointer argument from userspace is invalid, and a driver may use an uninitialized structure to log an error message. The connected documents confirm the affected stack is Qualcom...
CVE-2023-21372
CVE-2023-21372 concerns a vulnerability in libdexfile where a missing bounds check allows an out-of-bounds read, enabling local elevation of privilege without user interaction. The issue affects Android’s libdexfile component and is classified as a local EoP (MITRE ambiguous, but Android bulletin...
CVE-2015-9030
CVE-2015-9030 describes an authentication bypass in Android CAF builds that use the Linux kernel, via misused Hypervisor API. Affected: Android devices with CAF/Linux Kerenel stack; vulnerable component: Hypervisor API. Root cause: improper handling of Hypervisor API calls enabling bypass of auth...
CVE-2015-9037
Summary: CVE-2015-9037 refers to a buffer over-read/overflow in Qualcomm closed-source components used in Qualcomm-based Android devices with CAF/Linux kernel, specifically in the downlink 3G NAS message processing. The vulnerability could allow a remote attacker to execute arbitrary code or caus...
CVE-2015-9048
CVE-2015-9048 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel, where the vulnerability is in the processing of lost RTP packets due to input validation issues. The CNVD entry describes an unauthorized operation possibility as the impact. The provided documen...
CVE-2015-9053
CVE-2015-9053 describes a buffer overflow in Qualcomm-provided components used in Android CAF builds on devices with the Linux kernel, specifically in the processing of USIM responses. The vulnerability is located in Qualcomm closed-source components integrated in Android, and the issue could all...
CVE-2015-9070
CVE-2015-9070 describes a buffer over-read vulnerability in the TrustZone syscall of Qualcomm closed-source components used in Android builds (CAF Linux kernel). The issue affects Qualcomm components within Android devices that rely on CAF Linux kernels and TrustZone. The root cause is a buffer o...
CVE-2016-5871
CVE-2016-5871 is a buffer overflow due to an integer overflow in Qualcomm CAF Android builds using the Linux kernel when loading an image file. The NVD entry assigns a CVSSv3 base score of 9.8 (CRITICAL, Network attack, no user interaction) with impact to confidentiality, integrity, and availabil...
CVE-2017-0864
CVE-2017-0864 is an elevation-of-privilege vulnerability in MediaTek ioctl (flashlight) exposed on Android kernels. Connected sources confirm the issue affects MediaTek ioctl flashlight within the Android kernel, enabling an attacker to gain elevated privileges. The CNVD entry explicitly describe...
CVE-2017-7365
CVE-2017-7365 is a Qualcomm bootloader elevation-of-privilege issue disclosed in the Android 2017-06-05 bulletin. It is listed as EoP (High) for the Bootloader component; exploitation would yield higher privileges within the kernel/boot context. Patches are provided via Qualcomm AMSS bulletins an...
CVE-2017-8263
CVE-2017-8263 affects Qualcomm components in Android CAF builds that use the Linux kernel. The issue is a kernel fault triggered by certain operations on a read-only user-space virtual address, with a high impact (local, high confidentiality/integrity/availability implications). Exploitation deta...
CVE-2017-8268
CVE-2017-8268 affects Qualcomm components in Android CAF builds using the Linux kernel. The camera application can request frame/command buffer operations with invalid values, causing the camera driver to perform a heap buffer over-read. Documented impact is high (CVSSv3: 7.8; CVSSv2: 9.3). The v...
CVE-2023-21339
CVE-2023-21339: Affects Minikin in Android. The vulnerability enables triggering an ANR through a malicious message, caused by resource exhaustion, leading to remote Denial of Service with no additional privileges and no user interaction required. Public details specify the issue but do not provi...
CVE-2023-21340
The CVE-2023-21340 entry describes an information-disclosure vulnerability in the Telecomm component of Android, caused by a missing permission check that allows local access to the call state without extra privileges or user interaction. Exploitation is local and does not require user action; CV...
CVE-2023-21380
CVE-2023-21380 is a Bluetooth heap buffer overflow in Android that can enable local elevation of privilege with SYSTEM execution when exploited without user interaction. The vulnerability is listed in Android 14 security release notes and associated with an out-of-bounds write in Bluetooth. Affec...
CVE-2015-8592
CVE-2015-8592 describes a vulnerability in Qualcomm closed‑source components used in Android CAF Linux builds where a reverse‑referenced pointer is not validated before dereference, potentially causing Guest‑OS memory corruption. Affected: Qualcomm components integrated into Android CAF/Linux ker...
CVE-2015-9023
The CVE-2015-9023 entry describes a buffer overflow in the PlayReady API, present in all Android releases from CAF using the Linux kernel. The vulnerability can enable a remote attacker to execute arbitrary code or cause a denial of service by exploiting the PlayReady API in affected Android comp...
CVE-2015-9044
In CVE-2015-9044, Qualcomm products with CAF Android releases using the Linux kernel have a vulnerability in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. The NVD metrics indicate a CRITICAL impact (Network, No privileges, No user interaction) wit...
CVE-2015-9068
CVE-2015-9068 affects Qualcomm products with Android CAF builds using the Linux kernel. The root cause is improper validation of an argument to a mink syscall, as described in the CVE description. The entry is mapped to a highly critical impact profile (network attack vector, no user interaction,...
CVE-2015-9072
CVE-2015-9072 is described as an untrusted pointer dereference in a Qualcomm TrustZone syscall affecting Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is rated with high/critical impact in CVSS terms (network access, no auth, user interaction not required; co...
CVE-2016-10380
CVE-2016-10380 affects Qualcomm components in Android CAF builds and relates to an information disclosure where the UE can send unprotected MeasurementReports that reveal UE location. Affected environment is Qualcomm-based Android devices using CAF with the Linux kernel. The underlying issue is i...
CVE-2017-8243
CVE-2017-8243 is documented with concrete details in connected sources: it affects Qualcomm components, specifically the SoC driver, categorized as Elevation of Privilege (EoP) with a Moderate impact. The root cause is a buffer overflow that can occur when processing a firmware image file. Public...
CVE-2017-8256
CVE-2017-8256 affects Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is an array bounds issue that can occur when userspace sends more than 16 multicast addresses, potentially enabling memory corruption within the kernel. The NVD entry lists CVSS2/3 base score...
CVE-2019-20606
CVE-2019-20606 affects Samsung mobile devices with software prior to May 2019. A phishing attack against the OMACP service can change network and internet settings (Samsung ID SVE-2019-14073). The NVD entries show CVSSv3.1 base score 9.3 (NETWORK, UI REQUIRED, I:H, A:H) and CVSSv2.0 base 5.8 (I:P...
CVE-2023-21301
CVE-2023-21301 affects Android’s ActivityManagerService and enables a local attacker to determine whether an app is installed without query permissions through a side-channel information disclosure. This could lead to local privilege escalation without additional execution privileges or user inte...
CVE-2023-21332
CVE-2023-21332 concerns Android’s Text Services, where a side-channel could reveal whether an app is installed without query permissions. This enables local information disclosure with no extra execution privileges and no user interaction required. The issue is categorized as affecting the Text S...
CVE-2023-21371
CVE-2023-21371 affects Android’s Secure Element. The issue is an out-of-bounds write caused by an integer overflow in Secure Element code, enabling local escalation of privilege to System execution privileges without user interaction. Exploitation details are not provided in the connected documen...
CVE-2014-9964
Technical details about CVE-2014-9964 (affected components, root cause, affected versions, exploitability, remediation) are not publicly provided in the connected documents. Monitor for updates from official sources (NVD, Android bulletins) for specifics.
CVE-2015-9025
CVE-2015-9025 describes a buffer overflow in the QTEE application used in CAF Android builds (Linux kernel). The underlying issue is a buffer overflow in QTEE, enabling potential arbitrary code execution on affected devices. Public references confirm the Android QTEE vulnerability and describe it...
CVE-2015-9034
Summary: CVE-2015-9034 is a buffer overflow in Qualcomm closed-source components used in Android CAF builds with the Linux kernel, caused by a SIP string not being null-terminated. This vulnerability affects Qualcomm components in Android and has a CVSS v3 base score of 9.8 (CRITICAL) with networ...
CVE-2015-9036
CVE-2015-9036 describes a memory-corruption vulnerability in Qualcomm components used in Android CAF builds (Linux kernel). The root cause is an incorrect length used when clearing a memory buffer, which can corrupt adjacent memory. Affected products are Qualcomm/CAF Android releases that rely on...
CVE-2015-9045
CVE-2015-9045 is a buffer overflow vulnerability in Qualcomm GERAN within CAF Android builds that use the Linux kernel. The flaw allows a buffer overflow while taking power measurements, impacting affected Qualcomm components. The CVSS data in the public record indicates a high to critical impact...
CVE-2015-9062
Technical details about CVE-2015-9062 are not publicly provided in the connected documents. Monitor for updates.
CVE-2016-10239
CVE-2016-10239 involves a potential bypass of the TrustZone access control policy in Android CAF builds using the Linux kernel. The description notes improper input validation that could cause an integer overflow, potentially leading to a buffer overflow and a buffer over-read. The NVD entry also...
CVE-2023-21299
CVE-2023-21299 affects Android’s Package Manager, allowing an attacker to determine whether an app is installed via a side‑channel information disclosure. Impact: local information disclosure without extra privileges or user interaction. The vulnerability is described in multiple sources (includi...
CVE-2023-21304
CVE-2023-21304 describes an information-disclosure flaw in Android’s Content Service that can reveal whether an app is installed without query permissions, via a side-channel. The issue allows local information leakage without extra execution privileges and does not require user interaction to ex...
CVE-2023-21318
CVE-2023-21318 affects the Android Framework layer in Android 14, where a side-channel information disclosure could allow an attacker to infer whether an arbitrary app is installed. The NVD entry describes a local attack with low complexity, requiring low privileges and no user interaction, leadi...
CVE-2023-21338
CVE-2023-21338 affects Android’s Input Method. The issue is a side-channel information disclosure that lets an app determine whether another app is installed without query permissions, enabling local elevation of privilege with no additional execution privileges required. The Android 14 security ...
CVE-2023-21344
CVE-2023-21344 affects Android’s Job Scheduler. The issue enables a local attacker to determine whether an app is installed via a side-channel information disclosure, without query permissions and with no user interaction. Impact is local information disclosure; exploitation requires local access...
CVE-2023-21349
In CVE-2023-21349, the Android Package Manager exposes a side-channel to determine whether an app is installed without query permissions, enabling local information disclosure with no privileges required and no user interaction. Multiple connected sources (NVD entry and Red Hat/CVE pages, CNVD, a...
CVE-2014-9974
CVE-2014-9974 is described in connected records as a Qualcomm component vulnerability affecting Android CAF builds using the Linux kernel, arising from missing validation of buffer lengths in Keymaster. The CNVD-2017-26641 entry explicitly documents a buffer length validation failure in the Qualc...
CVE-2014-9979
CVE-2014-9979 affects Qualcomm products with CAF Android builds using the Linux kernel. The vulnerability is a TrustZone system call issue caused by an uninitialized variable in the kernel, potentially leading to compromise of secure memory. The available documents explicitly describe the root ca...
CVE-2015-9035
CVE-2015-9035 describes a memory-management defect in Qualcomm components used in Android CAF builds on Linux kernels, where a memory buffer is not freed after use, potentially leading to memory exhaustion. Public sources in the connected set (NVD entry, CNVD-2017-26829, CNVD/CVEs and EUVD-2015-8...
CVE-2015-9047
CVE-2015-9047 affects Qualcomm components in Android CAF builds using the Linux kernel, describing a GNSS vulnerability that occurs when a scan is performed after bootup. The CVE entry notes affected software as Qualcomm products with CAF Android releases and the GNSS subsystem, with a CVSSv3 bas...
CVE-2015-9055
Technical details for CVE-2015-9055 are not publicly provided in the connected documents. Please monitor for updates; current documents do not specify affected products, versions, root cause, or fixes beyond the high‑level description.
CVE-2016-10337
Technical details for CVE-2016-10337 are not publicly available in the provided connected documents. The materials confirm a generic Android/Linux kernel validation issue but do not specify affected products, versions, exploitability, impact, or fixes. Monitor for updates.
CVE-2016-10347
CVE-2016-10347 affects Qualcomm components in Android CAF builds using the Linux kernel; the issue is that an argument to a hypervisor function is not properly validated, enabling potential remote exploitation. The vulnerability is serious (CVSS v3 base score 9.8, CRITICAL) with network access an...