qcacld-3.0
by Qualcomm
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5862 | Hig | 0.51 | 7.8 | 0.00 | Jul 6, 2018 | In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can… | ||
| CVE-2018-5893 | Hig | 0.51 | 7.8 | 0.00 | Jul 6, 2018 | While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur. | ||
| CVE-2018-3569 | Hig | 0.51 | 7.8 | 0.00 | Jul 6, 2018 | A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | ||
| CVE-2017-18065 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution. | ||
| CVE-2017-18054 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow. | ||
| CVE-2017-18050 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds… | ||
| CVE-2017-14889 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion… | ||
| CVE-2017-18068 | Hig | 0.51 | 7.8 | 0.00 | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow. | ||
| CVE-2017-18059 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read. | ||
| CVE-2017-18053 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read. | ||
| CVE-2017-18052 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from… | ||
| CVE-2017-14878 | Hig | 0.49 | 7.5 | 0.01 | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service. | ||
| CVE-2018-5853 | Hig | 0.46 | 7.0 | 0.00 | Jul 6, 2018 | A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. | ||
| CVE-2018-5836 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2018 | In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to… |
- risk 0.51cvss 7.8epss 0.00
In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can…
- risk 0.51cvss 7.8epss 0.00
While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.
- risk 0.51cvss 7.8epss 0.00
A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
- risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handler(), which is received from firmware, leads to arbitrary code execution.
- risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.
- risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds…
- risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion…
- risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from…
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service.
- risk 0.46cvss 7.0epss 0.00
A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.
- risk 0.36cvss 5.5epss 0.00
In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to…