Android for MSM

CVEs (63)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-17766	QRD QRD Android	Cri	0.64	9.8	0.01	Mar 30, 2018	In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead…
CVE-2017-14876	Qualcomm QRD Android	Cri	0.64	9.8	0.01	Mar 30, 2018	In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.
CVE-2017-18067	Google Android for MSM	Cri	0.64	9.8	0.03	Mar 15, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.
CVE-2017-15815	Google Android for MSM	Cri	0.64	9.8	0.01	Mar 15, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame.
CVE-2017-11079	Google Android for MSM	Cri	0.64	9.8	0.00	Jan 10, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.
CVE-2017-6211	Linux Kernel	Cri	0.64	9.8	0.01	Dec 5, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.
CVE-2017-14918	Google Android	Cri	0.64	9.8	0.01	Dec 5, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.
CVE-2017-14917	Google Android	Cri	0.64	9.8	0.01	Dec 5, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14916	Google Android	Cri	0.64	9.8	0.01	Dec 5, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14909	Linux Linux Kernel	Cri	0.64	9.8	0.01	Dec 5, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
CVE-2017-14908	Google Android	Cri	0.64	9.8	0.01	Dec 5, 2017	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.
CVE-2017-14879	Google Android for MSM	Hig	0.57	8.8	0.00	Jan 10, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned…
CVE-2017-15818	CAF linux kernel	Hig	0.51	7.8	0.00	Sep 18, 2018	In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size.
CVE-2017-15842	Linux Linux Kernel	Hig	0.51	7.8	0.00	Jun 12, 2018	Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVE-2017-15823	QRD QRD Android	Hig	0.51	7.8	0.00	Mar 30, 2018	In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.
CVE-2017-14892	Qualcomm QRD Android	Hig	0.51	7.8	0.00	Mar 30, 2018	In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access.
CVE-2017-18066	Linux Kernel	Hig	0.51	7.8	0.00	Mar 16, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().
CVE-2017-18061	Google Android for MSM	Hig	0.51	7.8	0.00	Mar 16, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas().
CVE-2017-18054	Google Android for MSM	Hig	0.51	7.8	0.00	Mar 16, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.
CVE-2017-15833	Google Android for MSM	Hig	0.51	7.8	0.00	Mar 16, 2018	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure.

CVE-2017-17766CriMar 30, 2018
QRD
QRD Android
risk 0.64cvss 9.8epss 0.01
In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead…
CVE-2017-14876CriMar 30, 2018
Qualcomm
QRD Android
risk 0.64cvss 9.8epss 0.01
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.
CVE-2017-18067CriMar 15, 2018
Google
Android for MSM
risk 0.64cvss 9.8epss 0.03
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.
CVE-2017-15815CriMar 15, 2018
Google
Android for MSM
risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame.
CVE-2017-11079CriJan 10, 2018
Google
Android for MSM
risk 0.64cvss 9.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.
CVE-2017-6211CriDec 5, 2017
Linux
Kernel
risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.
CVE-2017-14918CriDec 5, 2017
Google
Android
risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.
CVE-2017-14917CriDec 5, 2017
Google
Android
risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14916CriDec 5, 2017
Google
Android
risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
CVE-2017-14909CriDec 5, 2017
Linux
Linux Kernel
risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
CVE-2017-14908CriDec 5, 2017
Google
Android
risk 0.64cvss 9.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.
CVE-2017-14879HigJan 10, 2018
Google
Android for MSM
risk 0.57cvss 8.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned…
CVE-2017-15818HigSep 18, 2018
CAF
linux kernel
risk 0.51cvss 7.8epss 0.00
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size.
CVE-2017-15842HigJun 12, 2018
Linux
Linux Kernel
risk 0.51cvss 7.8epss 0.00
Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVE-2017-15823HigMar 30, 2018
QRD
QRD Android
risk 0.51cvss 7.8epss 0.00
In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.
CVE-2017-14892HigMar 30, 2018
Qualcomm
QRD Android
risk 0.51cvss 7.8epss 0.00
In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access.
CVE-2017-18066HigMar 16, 2018
Linux
Kernel
risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().
CVE-2017-18061HigMar 16, 2018
Google
Android for MSM
risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas().
CVE-2017-18054HigMar 16, 2018
Google
Android for MSM
risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.
CVE-2017-15833HigMar 16, 2018
Google
Android for MSM
risk 0.51cvss 7.8epss 0.00
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure.

Page 1 of 4