Linux kernel
by Qualcomm
CVEs (54)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9047 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. | ||
| CVE-2015-9045 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. | ||
| CVE-2015-9044 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | ||
| CVE-2015-9043 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. | ||
| CVE-2015-9037 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. | ||
| CVE-2015-9035 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. | ||
| CVE-2015-8596 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. | ||
| CVE-2015-8595 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. | ||
| CVE-2015-8593 | Cri | 0.64 | 9.8 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | ||
| CVE-2016-5343 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2016 | drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly… | ||
| CVE-2016-10383 | Hig | 0.53 | 8.1 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | ||
| CVE-2017-18159 | Hig | 0.51 | 7.8 | 0.00 | Jul 6, 2018 | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur. | ||
| CVE-2017-15855 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2018 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses… | ||
| CVE-2017-17765 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to… | ||
| CVE-2017-17764 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead… | ||
| CVE-2017-15862 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a… | ||
| CVE-2017-15861 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation. | ||
| CVE-2017-15820 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur. | ||
| CVE-2017-15817 | Hig | 0.51 | 7.8 | 0.01 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure. | ||
| CVE-2017-9724 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address. |
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM.
- risk 0.64cvss 9.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.
- risk 0.64cvss 9.8epss 0.03
drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly…
- risk 0.53cvss 8.1epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.
- risk 0.51cvss 7.8epss 0.00
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur.
- risk 0.51cvss 7.8epss 0.00
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses…
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to…
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead…
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a…
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
- risk 0.51cvss 7.8epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
Page 2 of 3