VYPR

CWE-129

Improper Validation of Array Index

VariantDraftLikelihood: High

Description

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-100

CVEs mapped to this weakness (149)

page 3 of 8
  • CVE-2018-11299HigSep 18, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to…

  • CVE-2018-5838HigJul 6, 2018
    risk 0.51cvss 7.8epss 0.00

    Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.

  • CVE-2018-5851HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2018-3576HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2017-15857HigJun 12, 2018
    risk 0.51cvss 7.8epss 0.00

    In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2017-15855HigMay 17, 2018
    risk 0.51cvss 7.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses…

  • CVE-2017-15830HigMar 16, 2018
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.

  • CVE-2017-14889HigMar 16, 2018
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion…

  • CVE-2017-15861HigFeb 23, 2018
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.

  • CVE-2017-0836HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.

  • CVE-2017-8251HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.

  • CVE-2017-0805HigAug 24, 2017
    risk 0.51cvss 7.8epss 0.00

    A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.

  • CVE-2017-10663HigAug 19, 2017
    risk 0.51cvss 7.8epss 0.00

    The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

  • CVE-2017-0737HigAug 9, 2017
    risk 0.51cvss 7.8epss 0.00

    A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.

  • CVE-2017-0716HigAug 9, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.

  • CVE-2014-9948HigJun 6, 2017
    risk 0.51cvss 7.8epss 0.00

    In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.

  • CVE-2017-0347HigMay 9, 2017
    risk 0.51cvss 7.8epss 0.00

    All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial…

  • CVE-2017-0345HigMay 9, 2017
    risk 0.51cvss 7.8epss 0.00

    All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to…

  • CVE-2017-0322HigFeb 15, 2017
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential…

  • CVE-2016-8816HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or…