334 matches found
CVE-2016-10384
CVE-2016-10384 affects Qualcomm products with Android CAF builds that use the Linux kernel and involve the WLAN driver ioctl. The underlying issue is a potentially reachable assertion in the WLAN driver ioctl, as described in the CVE entry. The Android Security Bulletin (April 2018) notes securit...
CVE-2016-5855
CVE-2016-5855 affects the Qualcomm SPCom driver in Qualcomm AMSS/Android stacks. The root cause is a user‑supplied buffer being cast to a structure without validating the source buffer size, potentially leading to memory corruption or information exposure as described in the CVE entry. Connected ...
CVE-2016-5858
CVE-2016-5858: A vulnerability in the ioctl handler of Qualcomm components used in Android for MSM, Firefox OS for MSM, and QRD Android. If a user supplies a value that is too large, it can cause an out-of-bounds read, leading to potential information disclosure. The description specifies the aff...
CVE-2017-8233
CVE-2017-8233 : This vulnerability affects Android CAF camera driver code on all CAF Android releases using the Linux kernel. The issue is a missing bounds check when writing into an array, which can lead to an out-of-bounds heap write. The provided documents do not specify affected product versi...
CVE-2017-8272
CVE-2017-8272 affects Qualcomm components in Android CAF builds using the Linux kernel. In a driver function, a value supplied from userspace is not properly validated, potentially causing an out-of-bounds heap write. The vulnerability is described as a kernel-level issue with the potential for m...
CVE-2023-21303
CVE-2023-21303 is an information-disclosure flaw affecting Android where an attacker can infer whether an app is installed via a side channel without query permissions. It enables local information leakage with no user interaction and requires only local access. Android 14 release notes indicate ...
CVE-2023-21316
CVE-2023-21316 affects Google Android: an information-disclosure side channel in content that lets an app determine whether another app is installed without query permissions. Local attack with no user interaction; no explicit exploit details or affected versions are provided in the documents. Re...
CVE-2014-9963
CVE-2014-9963 describes a buffer overflow in WideVine DRM present in Android CAF builds using the Linux kernel. The connected sources confirm a DRM component buffer overflow, implying potential arbitrary code execution under certain conditions, with CVSS indicating HIGH severity (local access, us...
CVE-2014-9965
Technical details about CVE-2014-9965 are not publicly available in the provided connected documents. The descriptions restate the parsing issue in Android CAF/Linux SCM call handling; monitor for updates from the cited sources.
CVE-2014-9977
CVE-2014-9977 describes a buffer overflow in the PlayReady DRM within Qualcomm closed‑source components used by Android CAF on Linux, enabling potential arbitrary code execution or denial of service as described in linked CNVD/NVD entries. Affected: Qualcomm PlayReady DRM in Android CAF/Linux ker...
CVE-2015-9003
In CVE-2015-9003, a cryptographic issue in TrustZone could potentially affect all Android releases from CAF using the Linux kernel. The connected documents identify TrustZone/Android CAF/Linux kernel as the affected area, but do not provide detailed root cause, affected subcomponents, specific vu...
CVE-2015-9039
Summary: CVE-2015-9039 affects the Qualcomm eMBMS component in Android CAF builds that use the Linux kernel. The root cause is an assertion that can be reached by a sequence of downlink messages in eMBMS, enabling a potential unauthorized operation. The vulnerability has a high/critical impact pr...
CVE-2015-9046
Technical details about CVE-2015-9046 are not publicly provided in the supplied documents. No specific impact, affected products, or fixes are disclosed here. Monitor for updates.
CVE-2015-9050
CVE-2015-9050 describes an out-of-bounds access during a CA call in Qualcomm CAF Android/Linux kernel components. The NVD entry assigns CRITICAL risk (CVSS3: 9.8) with network attack vector and no user interaction. Connected documents refer to Qualcomm/Android out-of-bounds issues but do not prov...
CVE-2015-9052
CVE-2015-9052 affects Qualcomm components in Android CAF builds using the Linux kernel LTE stack; the issue is an assertion that can be reached while processing a downlink message. The provided documents do not specify affected product versions, exact root cause details, exploit status, or availa...
CVE-2016-10382
CVE-2016-10382 affects Qualcomm products running CAF Android builds on the Linux kernel. The issue is insufficient access control for the I2C bus, enabling potential improper access. Public details consistently describe it as a high-severity vulnerability with a CVSSv3 base score of 9.8 (CRITICAL...
CVE-2016-5872
CVE-2016-5872 affects Qualcomm components in Android CAF builds that use the Linux kernel, where arguments to several QTEE syscalls are not properly validated. This could allow a crafted input to impact or compromise the kernel under affected conditions, with the CVSS indicating a high-severity, ...
CVE-2017-8238
CVE-2017-8238 affects Android CAF builds that use the Linux kernel, with a buffer overflow in a camera function. Documented impact indicates high severity (I/H/A) and local exploitability (CVSSv3: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); CVSSv2 references network vector in that scheme. Connected rec...
CVE-2017-8253
CVE-2017-8253 affects Qualcomm components in Android CAF builds using the Linux kernel. The issue can allow kernel memory overwrite when an invalid master is sent from userspace, leading to elevation of privilege within the kernel context. The initial document lists it as a high-severity, EoP-typ...
CVE-2023-21311
CVE-2023-21311 describes an information-disclosure vulnerability in Android Settings where a permissions bypass could let a secondary user control private DNS settings. Exploitation is local (ATT&CK-like, not remote), requires no user interaction, and could disclose private information without ad...
CVE-2014-9978
CVE-2014-9978 (and related CNVD-2017-25680) describes a buffer overflow in the QTEE service of Qualcomm closed‑source components used by Android CAF/Linux kernels. The vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service within Qualcomm/Android enviro...
CVE-2015-9021
CVE-2015-9021 describes a security issue where, in all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. The entry lists a MEDIUM overall impact (CVSS2: AV:N/AC:M/Au:N/C:N/I:N/A:P; CVSS3: LOCAL, LOW/L, NONE to partial impacts) and indicates no public...
CVE-2023-21341
CVE-2023-21341 concerns Android’s Permission Manager, where a missing permission check can bypass required permissions, enabling local elevation of privilege. The issue is described as a local, low-privilege escalation with no user interaction required. Affected product/area: Android components r...
CVE-2015-9049
CVE-2015-9049 is corroborated by connected sources describing an input-validation vulnerability in Qualcomm’s closed‑source components (USIM handling) within Android CAF Linux environments. CNVD-2017-26834 outlines an unauthorized-operations flaw in the Qualcomm Android component causing remote e...
CVE-2023-21300
Summary: CVE-2023-21300 affects Android’s PackageManager and arises from a side-channel information disclosure that allows a local attacker to infer whether an app is installed without query permissions. This is described as a local information disclosure with no additional execution privileges r...
CVE-2023-21308
CVE-2023-21308 : In Composer, a missing bounds check allows an out-of-bounds read which could enable local escalation of privilege without user interaction. Exploitation details/affected versions are not disclosed in the provided documents. No patch/remediation information is included here. If ex...
CVE-2015-0574
CVE-2015-0574 is described in multiple sources as a file system input validation vulnerability in Qualcomm components used in Android CAF builds on the Linux kernel. The root cause is insufficient validation of filesystem access, which could enable an attacker to execute arbitrary code. Concrete ...
CVE-2015-9060
CVE-2015-9060 affects Qualcomm products with CAF Android builds using the Linux kernel. The issue is a pointer validation flaw in a QTEE system call, as described in the CVE description. The connected documents confirm the root cause (improper pointer validation) and the affected context (Qualcom...
CVE-2015-9038
CVE-2015-9038 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel. Description: a NULL pointer may be dereferenced in the front end, caused by NULL pointer usage in the vulnerable path. Root cause: NULL pointer dereference. Impact: potential crash or denial of s...
CVE-2016-5862
CVE-2016-5862 affects Qualcomm-based Android for MSM codecs; the vulnerability arises when a codec control issued from userspace is cast to the container structure rather than the codec’s own structure. This type confusion can lead to a kernel crash and a subsequent device restart on affected Qua...
CVE-2023-21323
CVE-2023-21323 is an information-disclosure vulnerability in Android's Activity Manager that could let a local attacker determine whether an app is installed without query permissions. The issue stems from a side-channel disclosure, requiring no user interaction and no additional execution privil...
CVE-2023-21345
CVE-2023-21345 is described as an information-disclosure issue in Android’s Game Manager Service where an attacker can determine if an app is installed without query permissions via a side-channel. The available documents indicate local exploitation with no user interaction and a low overall risk...
CVE-2015-9043
CVE-2015-9043 is described in connected sources as a NULL pointer dereference vulnerability affecting Qualcomm components in Android CAF builds using the Linux kernel. The root cause, as stated, is a NULL pointer dereference on timer expiry, with impact described as high/critical in CVSS terms. T...
CVE-2025-21024
Samsung Smart View before Android 16 is affected by CVE-2025-21024 due to the use of implicit intents for sensitive communication, enabling local attackers to access sensitive information through the affected component. The issue is described across multiple sources as a vulnerability in Smart Vi...