| Month | Quarter | Year |
|---|---|---|
| #37 | #36 | #N/A |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2017-11079 | CWE-200 | Information Leak / Disclosure | 9.8 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.
|
|||
| CVE-2017-11078 | CWE-125 | Out-of-bounds Read | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot.
|
|||
| CVE-2017-11072 | CWE-119 | Buffer Errors | 7.8 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 buffer overflow occurs.
|
|||
| CVE-2017-11069 | CWE-119 | Buffer Errors | 7.8 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow.
|
|||
| CVE-2017-11066 | CWE-200 | Information Leak / Disclosure | 7.5 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed.
|
|||
| CVE-2017-11027 | CWE-20 | Input Validation | 7.8 |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability.
|
|||
| CVE-2017-11017 | CWE-119 | Buffer Errors | 7.8 |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory.
|
|||
| CVE-2017-11007 | CWE-119 | Buffer Errors | 7.8 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash.
|
|||
| CVE-2017-11003 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size.
|
|||
| CVE-2017-0576 | CWE-264 | Permissions, Privileges, and Access Control | 7.0 |
|
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.
|
|||