| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. |
| In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. |
| In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. |
| In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. |
| In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write. |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. |
| In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. |
| In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. |
| A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. |
| In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. |
| In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption. |
| In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. |
| In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. |
| In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. |
| In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. |
| In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. |
| NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android: A-63802421. References: N-CVE-2017-6276. |
