Android Msm
by Codeaurora
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2597 | Hig | 0.67 | 8.4 | 0.02 | KEV | Aug 31, 2014 | Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an… | |
| CVE-2018-11263 | Hig | 0.57 | 8.8 | 0.00 | Sep 6, 2018 | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater… | ||
| CVE-2018-11281 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2018 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after… | ||
| CVE-2018-3587 | Hig | 0.51 | 7.8 | 0.00 | Jul 6, 2018 | In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. | ||
| CVE-2018-5848 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2018 | In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using… | ||
| CVE-2018-5847 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2018 | Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | ||
| CVE-2018-5828 | Hig | 0.51 | 7.8 | 0.00 | Apr 3, 2018 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not… | ||
| CVE-2018-5825 | Hig | 0.51 | 7.8 | 0.00 | Apr 3, 2018 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur. | ||
| CVE-2018-5822 | Hig | 0.47 | 7.3 | 0.00 | Apr 3, 2018 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite. | ||
| CVE-2018-5821 | Hig | 0.47 | 7.3 | 0.00 | Apr 3, 2018 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index… | ||
| CVE-2018-11962 | 0.00 | — | 0.00 | Feb 11, 2019 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory. | |||
| CVE-2018-12014 | 0.00 | — | 0.00 | Feb 11, 2019 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer. | |||
| CVE-2018-13889 | 0.00 | — | 0.00 | Feb 11, 2019 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed | |||
| CVE-2018-12011 | 0.00 | — | 0.00 | Feb 11, 2019 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure. | |||
| CVE-2018-11983 | 0.00 | — | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table. | |||
| CVE-2018-11988 | 0.00 | — | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed. | |||
| CVE-2018-11985 | 0.00 | — | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer. | |||
| CVE-2018-11984 | 0.00 | — | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver. | |||
| CVE-2018-11964 | 0.00 | — | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. | |||
| CVE-2017-15835 | 0.00 | — | 0.00 | Dec 7, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a… |
- risk 0.67cvss 8.4epss 0.02
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an…
- risk 0.57cvss 8.8epss 0.00
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater…
- risk 0.51cvss 7.8epss 0.00
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after…
- risk 0.51cvss 7.8epss 0.00
In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur.
- risk 0.51cvss 7.8epss 0.00
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using…
- risk 0.51cvss 7.8epss 0.00
Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
- risk 0.51cvss 7.8epss 0.00
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not…
- risk 0.51cvss 7.8epss 0.00
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.
- risk 0.47cvss 7.3epss 0.00
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite.
- risk 0.47cvss 7.3epss 0.00
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index…
- CVE-2018-11962Feb 11, 2019risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.
- CVE-2018-12014Feb 11, 2019risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.
- CVE-2018-13889Feb 11, 2019risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed
- CVE-2018-12011Feb 11, 2019risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.
- CVE-2018-11983Dec 20, 2018risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.
- CVE-2018-11988Dec 20, 2018risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.
- CVE-2018-11985Dec 20, 2018risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.
- CVE-2018-11984Dec 20, 2018risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.
- CVE-2018-11964Dec 20, 2018risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue.
- CVE-2017-15835Dec 7, 2018risk 0.00cvss —epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a…
Page 1 of 2