| Month | Quarter | Year |
|---|---|---|
| #26 | #96 | #202 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2019-2326 | CWE-129 | Improper Validation of Array Index | 7.8 |
|
Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
|
|||
| CVE-2018-3597 | CWE-20 | Input Validation | 7.8 |
|
In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur.
|
|||
| CVE-2018-3572 | CWE-119 | Buffer Errors | 7.8 |
|
While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
|
|||
| CVE-2018-3571 | CWE-416 | Use After Free | 7.8 |
|
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations
|
|||
| CVE-2018-3563 | CWE-476 | NULL Pointer Dereference | 7.8 |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in apr_cb_func can lead to an arbitrary code execution.
|
|||
| CVE-2017-15829 | CWE-362 | Race Conditions | 7.0 |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
|
|||
| CVE-2017-15826 | CWE-415 | Double Free | 7.8 |
|
Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.
|
|||
| CVE-2017-15820 | CWE-416 | Use After Free | 7.8 |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
|
|||
| CVE-2017-14873 | CWE-119 | Buffer Errors | 7.8 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur.
|
|||
| CVE-2017-13269 | CWE-200 | Information Leak / Disclosure | 4.3 |
|
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.
|
|||