| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. |
| An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426. |
| An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384. |
| Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. |
| An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. |
| In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. |
| A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. |
| Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775. |
| In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
| A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. |
| In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. |
| In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
| In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
| An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105. |
| In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209. |
| In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
| In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. |
| In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
| The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. |
