VYPR

Firefox OS for MSM

by Qualcomm

CVEs (22)

  • CVE-2017-18147CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.01

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.

  • CVE-2017-14883CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using…

  • CVE-2016-5861HigAug 16, 2017
    risk 0.57cvss 8.8epss 0.00

    In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.

  • CVE-2018-5825HigApr 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur.

  • CVE-2018-5824HigApr 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if…

  • CVE-2017-14880HigApr 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule"…

  • CVE-2016-5864HigAug 16, 2017
    risk 0.51cvss 7.8epss 0.01

    In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check…

  • CVE-2016-5863HigAug 16, 2017
    risk 0.51cvss 7.8epss 0.01

    In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.

  • CVE-2018-5821HigApr 3, 2018
    risk 0.47cvss 7.3epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index…

  • CVE-2017-15836HigApr 3, 2018
    risk 0.47cvss 7.3epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it…

  • CVE-2016-5862HigAug 16, 2017
    risk 0.46cvss 7.0epss 0.01

    When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel…

  • CVE-2016-5860HigAug 16, 2017
    risk 0.46cvss 7.0epss 0.01

    In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow.

  • CVE-2016-5859HigAug 16, 2017
    risk 0.46cvss 7.0epss 0.01

    In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow.

  • CVE-2017-15824MedJul 6, 2018
    risk 0.36cvss 5.5epss 0.00

    In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may…

  • CVE-2016-5858MedAug 16, 2017
    risk 0.31cvss 4.7epss 0.01

    In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs.

  • CVE-2016-5855MedAug 16, 2017
    risk 0.31cvss 4.7epss 0.00

    In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough.

  • CVE-2016-5854MedAug 16, 2017
    risk 0.31cvss 4.7epss 0.00

    In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.

  • CVE-2018-13889Feb 11, 2019
    risk 0.00cvss epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed

  • CVE-2018-12011Feb 11, 2019
    risk 0.00cvss epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.

  • CVE-2018-11962Feb 11, 2019
    risk 0.00cvss epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.

Page 1 of 2