| Month | Quarter | Year |
|---|---|---|
| #35 | #17 | #23 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2018-9563 | CWE-125 | Out-of-bounds Read | 6.5 |
|
In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-114237888
|
|||
| CVE-2018-11262 | CWE-787 | Out-of-bounds Write | 7.8 |
|
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT.
|
|||
| CVE-2017-13217 | CWE-787 | Out-of-bounds Write | 7.8 |
|
In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.
|
|||