| Month | Quarter | Year |
|---|---|---|
| #5 | #10 | #13 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2018-13893 | CWE-119 | Buffer Errors | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.
|
|||
| CVE-2018-12011 | CWE-200 | Information Leak / Disclosure | 5.5 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.
|
|||
| CVE-2018-12010 | CWE-119 | Buffer Errors | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.
|
|||
| CVE-2018-12006 | CWE-200 | Information Leak / Disclosure | 5.5 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.
|
|||
| CVE-2018-11987 | CWE-415 | Double Free | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.
|
|||
| CVE-2018-11986 | CWE-119 | Buffer Errors | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.
|
|||
| CVE-2018-11984 | CWE-416 | Use After Free | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.
|
|||
| CVE-2018-11983 | CWE-416 | Use After Free | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.
|
|||
| CVE-2018-11943 | CWE-399 | Resource Management Errors | 7.8 |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to processing of unintialized data buffers.
|
|||
| CVE-2018-11940 | CWE-119 | Buffer Errors | 9.8 |
|
Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130
|
|||