qcacld-3.0

CVEs (18)

• CVE-2018-5862Jul 6, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can…

• CVE-2018-5853Jul 6, 2018
  Google

  Android
  risk 0.00cvss —epss 0.00

  A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.

• CVE-2018-3569Jul 6, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

• CVE-2018-5893Jul 6, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.

• CVE-2018-5834Jul 6, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

• CVE-2017-17766Mar 30, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead…

• CVE-2017-14883Mar 30, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using…

• CVE-2017-15823Mar 30, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.

• CVE-2017-18060Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory…

• CVE-2017-18050Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds…

• CVE-2017-18059Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read.

• CVE-2017-15831Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on a event_info value coming from firmware, which can cause an integer…

• CVE-2017-15830Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.

• CVE-2017-18054Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.

• CVE-2017-18065Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution.

• CVE-2017-18052Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from…

• CVE-2017-18053Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read.

• CVE-2017-18055Mar 16, 2018
  Qualcomm

  qcacld-3.0
  risk 0.00cvss —epss 0.00

  In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer…