| Month | Quarter | Year |
|---|---|---|
| #N/A | #N/A | #N/A |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2018-5897 | CWE-119 | Buffer Errors | 7.5 |
|
While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
|
|||
| CVE-2018-5896 | CWE-125 | Out-of-bounds Read | 7.1 |
|
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied.
|
|||
| CVE-2018-5832 | CWE-416 | Use After Free | 7.0 |
|
Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur.
|
|||
| CVE-2018-11818 | CWE-416 | Use After Free | 7.0 |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition.
|
|||
| CVE-2017-9720 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.
|
|||
| CVE-2017-9717 | CWE-119 | Buffer Errors | 7.5 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur.
|
|||
| CVE-2017-9715 | CWE-119 | Buffer Errors | 7.5 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur.
|
|||
| CVE-2017-9702 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.
|
|||
| CVE-2017-9696 | CWE-200 | Information Leak / Disclosure | 7.5 |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".
|
|||
| CVE-2017-9694 | CWE-20 | Input Validation | 7.8 |
|
While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur.
|
|||