1454 matches found
CVE-2014-9951
In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.
CVE-2014-9954
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
CVE-2015-9007
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
CVE-2015-9012
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
CVE-2016-11025
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).
CVE-2016-11028
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
CVE-2016-11038
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5...
CVE-2017-11010
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.
CVE-2017-11066
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed.
CVE-2017-11079
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.
CVE-2017-11080
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296.
CVE-2017-11081
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes...
CVE-2017-11090
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes.
CVE-2017-13213
An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.
CVE-2017-13270
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.
CVE-2017-13306
A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.
CVE-2017-14887
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur.
CVE-2017-14894
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater ...
CVE-2017-14900
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs.
CVE-2017-15814
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to impro...
CVE-2017-15817
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
CVE-2017-15821
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite.
CVE-2017-15824
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak mem...
CVE-2017-15835
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.
CVE-2017-15853
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is inval...
CVE-2017-17770
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur.
CVE-2017-18066
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().
CVE-2017-6274
An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274.
CVE-2017-6293
In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-6937736...
CVE-2017-9721
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image.
CVE-2018-11260
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero.
CVE-2018-11276
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.
CVE-2018-11878
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.
CVE-2018-11985
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.
CVE-2018-5826
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver.
CVE-2018-5834
In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
CVE-2018-5890
If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
CVE-2018-5904
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur.
CVE-2020-0223
This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450
CVE-2020-0235
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header".Product: AndroidVe...
CVE-2021-0489
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183...
CVE-2021-0493
In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183...
CVE-2021-0496
In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183467912
CVE-2021-0525
In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193929
CVE-2014-9928
In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
CVE-2014-9948
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
CVE-2015-9011
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
CVE-2016-10235
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.
CVE-2016-11053
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).
CVE-2017-0431
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.