All vulnerabilities

Alternatively view vulnerabilities by:

Browser Cross-App Scripting

(json)

CVE numbers: CVE-2011-2357 [watchfire-crossapp][archived]
Coordinated disclosure?: true
Categories: app
Details: Android browser could be tricked into running javascript in the domain of a different app [watchfire-crossapp][archived]
Discovered by: Roee Hay and Yair Amit of the IBM Rational Application Security Research Group [citation-needed] on: Unknown
Reported on: 2011-07-31 [watchfire-crossapp][archived]
Fixed on: 2011-06-20 [browser-fix]
Fix released on: Unknown
Affected versions: 2.3.4, 3.1 [watchfire-crossapp][archived] regex:
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.5, 3.2 [citation-needed]
Submission: by: Roee Hay, on: 2015-10-15

APK duplicate file

(json)

CVE numbers: ANDROID-8219321 [citation-needed], CVE-2013-4787 [citation-needed]
Coordinated disclosure?: true
Categories: signature
Details: Android does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature. Android security bug 8219321. [citation-needed]
Discovered by: Jeff Forristal of Bluebox security [bluebox-master-key][archived] on: 2013-02-18 [bluebox-master-key][archived]
Reported on: 2013-07-03 [bluebox-master-key][archived]
Fixed on: 2013-02-18 [patch-apk-dup-file]
Fix released on: 2013-07-24 [verge-android-4.3]
Affected versions: 1.6-4.2 [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-2].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.3_r0.9 [patch-apk-dup-file]
Submission: by: Daniel R. Thomas, on: 2013-09-02

APK unchecked name

(json)

CVE numbers: ANDROID-9950697 [citation-needed]
Coordinated disclosure?: false
Categories: signature
Details: APK signature verification does not check name lengths correctly, creating a difference between how the zip files are verified compared with how they are extracted which allows files in an existing APK to be replaced with new files. [saurik-19] Exploited by RockMyMoto [androidpolice-rockmymoto]
Discovered by: Jay Freeman (saurik) [saurik-19], Elliott Hughes enh@google.com [android-issue-57851] on: 2013-06-30 [saurik-19]
Reported on: 2013-11-01 [saurik-19], 2013-11-01 [CydiaImpactor-396439244782067713]
Fixed on: 2013-07-21 [patch-unchecked-name]
Fix released on: Unknown
Affected versions: 4.3 and earlier [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.4 [patch-unchecked-name]
Submission: by: Daniel R. Thomas, on: 2013-11-14

APK unsigned shorts

(json)

CVE numbers: ANDROID-9695860 [citation-needed]
Coordinated disclosure?: true
Categories: signature
Details: File offsets in zips are supposed to be unsigned but were interpreted as signed allowing different content to be verified from the content executed. [citation-needed]
Discovered by: on: Unknown
Reported on: 2013-07-10 [sina-shorts], 2013-07-10 [ard-police-shorts]
Fixed on: 2013-07-03 [patch-unsigned-shorts]
Fix released on: 2013-07-24 [verge-android-4.3]
Affected versions: 1.6-4.2 [citation-needed] regex: ([1-3].[0-9].[0-9])|(4.[0-2].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.3_r1 [patch-unsigned-shorts]
Submission: by: Daniel R. Thomas, on: 2013-09-04

Android Browser Exploit WebKit

(json)

CVE numbers: CVE-2011-1202 [webkit-and4-nvd1], CVE-2012-2825 [webkit-and4-nvd2], CVE-2012-2871 [webkit-and4-nvd3]
Coordinated disclosure?: false
Categories: system
Details: A series of vulnerabilities in XSL in WebKit that allow denial of service and other effects [webkit-and4-nvd3]
Discovered by: Hacking Team [android-paper] on: Unknown
Reported on: 2011-02-22 [webkit-and4-redhat]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.0 to 4.3 [android-paper] regex: 4.[0-3].[0-9]
Affected devices: all [webkit-and4-nvd3]
Affected manufacturers: all [webkit-and4-nvd3]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

CVE-2013-7446

(json)

CVE numbers: CVE-2013-7446 [Bulletin-CVE-2013-7446]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. [NIST-CVE-2013-7446]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2013-7446]
Fixed on: 2015-11-20 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2013-7446]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-6060

(json)

CVE numbers: CVE-2014-6060 [Bulletin-CVE-2014-6060]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in DHCPCD
Details: The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. [NIST-CVE-2014-6060]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2014-6060]
Fixed on: 2014-08-15 [ANDROID-16677003]
Fix released on: Unknown
Affected versions: 4.4.4 [Bulletin-CVE-2014-6060] regex: (4.4.4)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-6060]
Fixed versions: 4.4.4 [Bulletin-CVE-2014-6060]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9028

(json)

CVE numbers: CVE-2014-9028 [Bulletin-CVE-2014-9028]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libFLAC
Details: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. [NIST-CVE-2014-9028]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2014-9028]
Fixed on: 2015-02-27 [2]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2014-9028] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9028]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9322

(json)

CVE numbers: CVE-2014-9322 [Bulletin-CVE-2014-9322]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel
Details: arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. [NIST-CVE-2014-9322]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2014-9322]
Fixed on: 2014-12-04 [11]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2014-9322] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9322]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2014-9322]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9529

(json)

CVE numbers: CVE-2014-9529 [Bulletin-CVE-2014-9529]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel security subsystem
Details: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. [NIST-CVE-2014-9529]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2014-9529]
Fixed on: 2014-12-29 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9529]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9794

(json)

CVE numbers: CVE-2014-9794 [Bulletin-CVE-2014-9794]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm components
Details: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0973. Reason: This candidate is a reservation duplicate of CVE-2014-0973. Notes: All CVE users should reference CVE-2014-0973 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. [NIST-CVE-2014-9794]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2014-9794]
Fixed on: 2014-04-21 [QC-CR646385]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9794]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9795

(json)

CVE numbers: CVE-2014-9795 [Bulletin-CVE-2014-9795]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm components
Details: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325. [NIST-CVE-2014-9795]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2014-9795]
Fixed on: 2014-06-18 [2]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9795]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9863

(json)

CVE numbers: CVE-2014-9863 [Bulletin-CVE-2014-9863]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm components
Details: Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. [NIST-CVE-2014-9863]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2014-9863]
Fixed on: 2013-12-24 [QC-CR#549470]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9863]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9902

(json)

CVE numbers: CVE-2014-9902 [Bulletin-CVE-2014-9902]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Qualcomm Wi-Fi driver
Details: Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. [NIST-CVE-2014-9902]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2014-9902]
Fixed on: 2013-11-07 [QC-CR#553937]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9902]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9914

(json)

CVE numbers: CVE-2014-9914 [Bulletin-CVE-2014-9914]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. [NIST-CVE-2014-9914]
Discovered by: on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2014-9914]
Fixed on: 2014-06-10 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9914]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9923

(json)

CVE numbers: CVE-2014-9923 [Bulletin-CVE-2014-9923]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. [NIST-CVE-2014-9923]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9923]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9923]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9924

(json)

CVE numbers: CVE-2014-9924 [Bulletin-CVE-2014-9924]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. [NIST-CVE-2014-9924]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9924]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9924]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9925

(json)

CVE numbers: CVE-2014-9925 [Bulletin-CVE-2014-9925]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. [NIST-CVE-2014-9925]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9925]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9925]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9926

(json)

CVE numbers: CVE-2014-9926 [Bulletin-CVE-2014-9926]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. [NIST-CVE-2014-9926]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9926]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9926]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9927

(json)

CVE numbers: CVE-2014-9927 [Bulletin-CVE-2014-9927]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. [NIST-CVE-2014-9927]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9927]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9927]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9928

(json)

CVE numbers: CVE-2014-9928 [Bulletin-CVE-2014-9928]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. [NIST-CVE-2014-9928]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9928]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9928]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9929

(json)

CVE numbers: CVE-2014-9929 [Bulletin-CVE-2014-9929]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. [NIST-CVE-2014-9929]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9929]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9929]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9930

(json)

CVE numbers: CVE-2014-9930 [Bulletin-CVE-2014-9930]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. [NIST-CVE-2014-9930]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2014-9930]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9930]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2014-9931

(json)

CVE numbers: CVE-2014-9931 [Bulletin-CVE-2014-9931]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. [NIST-CVE-2014-9931]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2014-9931]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9931]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9932

(json)

CVE numbers: CVE-2014-9932 [Bulletin-CVE-2014-9932]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. [NIST-CVE-2014-9932]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2014-9932]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9932]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9933

(json)

CVE numbers: CVE-2014-9933 [Bulletin-CVE-2014-9933]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. [NIST-CVE-2014-9933]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2014-9933]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9933]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9934

(json)

CVE numbers: CVE-2014-9934 [Bulletin-CVE-2014-9934]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. [NIST-CVE-2014-9934]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2014-9934]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9934]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9935

(json)

CVE numbers: CVE-2014-9935 [Bulletin-CVE-2014-9935]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. [NIST-CVE-2014-9935]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2014-9935]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9935]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9936

(json)

CVE numbers: CVE-2014-9936 [Bulletin-CVE-2014-9936]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. [NIST-CVE-2014-9936]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2014-9936]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9936]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9937

(json)

CVE numbers: CVE-2014-9937 [Bulletin-CVE-2014-9937]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. [NIST-CVE-2014-9937]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2014-9937]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9937]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9953

(json)

CVE numbers: CVE-2014-9953 [Bulletin-CVE-2014-9953]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. [NIST-CVE-2014-9953]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2014-9953]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9953]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9960

(json)

CVE numbers: CVE-2014-9960 [Bulletin-CVE-2014-9960]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. [NIST-CVE-2014-9960]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2014-9960]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9960]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9961

(json)

CVE numbers: CVE-2014-9961 [Bulletin-CVE-2014-9961]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. [NIST-CVE-2014-9961]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2014-9961]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9961]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9967

(json)

CVE numbers: CVE-2014-9967 [Bulletin-CVE-2014-9967]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. [NIST-CVE-2014-9967]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2014-9967]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9967]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2014-9996

(json)

CVE numbers: CVE-2014-9996 [Bulletin-CVE-2014-9996]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components 2014-2016 cumulative update
Details: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur. [NIST-CVE-2014-9996]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2014-9996]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2014-9996]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9996]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2015-0569

(json)

CVE numbers: CVE-2015-0569 [Bulletin-CVE-2015-0569]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
Details: Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter. [NIST-CVE-2015-0569]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2015-0569]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-0569]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-0570

(json)

CVE numbers: CVE-2015-0570 [Bulletin-CVE-2015-0570]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
Details: Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. [NIST-CVE-2015-0570]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2015-0570]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-0570]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1538

(json)

CVE numbers: CVE-2015-1538 [Bulletin-CVE-2015-1538]
Coordinated disclosure?: unknown
Categories: Integer overflows during MP4 atom processing
Details: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. [NIST-CVE-2015-1538]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-1538]
Fixed on: 2015-04-08 [ANDROID-20139950]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-1538] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1538]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1539

(json)

CVE numbers: CVE-2015-1539 [Bulletin-CVE-2015-1539]
Coordinated disclosure?: unknown
Categories: An integer underflow in ESDS processing
Details: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. [NIST-CVE-2015-1539]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-1539]
Fixed on: 2015-04-08 [ANDROID-20139950]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-1539] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1539]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1805

(json)

CVE numbers: CVE-2015-1805 [Bulletin-CVE-2015-1805]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel
Details: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." [NIST-CVE-2015-1805]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2015-1805]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-1805] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-1805]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-1805]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-2686

(json)

CVE numbers: CVE-2015-2686 [Bulletin-CVE-2015-2686]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking component
Details: net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. [NIST-CVE-2015-2686]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2015-2686]
Fixed on: 2015-03-20 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-2686]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3288

(json)

CVE numbers: CVE-2015-3288 [Bulletin-CVE-2015-3288]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel memory subsystem
Details: mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. [NIST-CVE-2015-3288]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2015-3288]
Fixed on: 2015-07-06 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3288]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-3636

(json)

CVE numbers: CVE-2015-3636 [Bulletin-CVE-2015-3636]
Coordinated disclosure?: unknown
Categories: Elevation Privilege Vulnerability in Kernel
Details: The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. [NIST-CVE-2015-3636]
Discovered by: on: Unknown
Reported on: 2015-09-01 [Bulletin-CVE-2015-3636]
Fixed on: 2015-05-02 [ANDROID-20770158]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3636] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3636]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3823

(json)

CVE numbers: CVE-2015-3823 [Bulletin-CVE-2015-3823]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. [NIST-CVE-2015-3823]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3823]
Fixed on: 2015-07-16 [ANDROID-21335999]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3823] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3823]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3824

(json)

CVE numbers: CVE-2015-3824 [Bulletin-CVE-2015-3824]
Coordinated disclosure?: unknown
Categories: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. [NIST-CVE-2015-3824]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3824]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3824] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3824]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3827

(json)

CVE numbers: CVE-2015-3827 [Bulletin-CVE-2015-3827]
Coordinated disclosure?: unknown
Categories: Integer underflow in libstagefright when processing MPEG4 covr atoms
Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. [NIST-CVE-2015-3827]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3827]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3827] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3827]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3828

(json)

CVE numbers: CVE-2015-3828 [Bulletin-CVE-2015-3828]
Coordinated disclosure?: unknown
Categories: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata
Details: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. [NIST-CVE-2015-3828]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3828]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.0 and above [Bulletin-CVE-2015-3828] regex: 5.[0-1].[0-9]
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3828]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3829

(json)

CVE numbers: CVE-2015-3829 [Bulletin-CVE-2015-3829]
Coordinated disclosure?: unknown
Categories: Integer overflow in libstagefright processing MPEG4 covr atoms when chunk_data_size is SIZE_MAX
Details: Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. [NIST-CVE-2015-3829]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3829]
Fixed on: 2015-05-04 [ANDROID-20923261]
Fix released on: Unknown
Affected versions: 5.0 and above [Bulletin-CVE-2015-3829] regex: 5.[0-1].[0-9]
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3829]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3832

(json)

CVE numbers: CVE-2015-3832 [Bulletin-CVE-2015-3832]
Coordinated disclosure?: unknown
Categories: Buffer overflows in libstagefright MPEG4Extractor.cpp
Details: Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. [NIST-CVE-2015-3832]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3832]
Fixed on: 2015-04-01 [ANDROID-19641538]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3832] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3832]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3836

(json)

CVE numbers: CVE-2015-3836 [Bulletin-CVE-2015-3836]
Coordinated disclosure?: unknown
Categories: Buffer overflow in Sonivox Parse_wave
Details: The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. [NIST-CVE-2015-3836]
Discovered by: on: Unknown
Reported on: 2015-08-01 [Bulletin-CVE-2015-3836]
Fixed on: 2015-05-14 [ANDROID-21132860]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3836] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3836]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3864

(json)

CVE numbers: CVE-2015-3864 [Bulletin-CVE-2015-3864]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. [NIST-CVE-2015-3864]
Discovered by: on: Unknown
Reported on: 2015-09-01 [Bulletin-CVE-2015-3864]
Fixed on: 2015-08-07 [ANDROID-23034759]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3864] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3864]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3867

(json)

CVE numbers: CVE-2015-3867 [Bulletin-CVE-2015-3867]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. [NIST-CVE-2015-3867]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3867]
Fixed on: 2015-05-08 [ANDROID-23213430]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3867] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3867]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3868

(json)

CVE numbers: CVE-2015-3868 [Bulletin-CVE-2015-3868]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. [NIST-CVE-2015-3868]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3868]
Fixed on: 2015-08-18 [ANDROID-23270724]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3868] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3868]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3869

(json)

CVE numbers: CVE-2015-3869 [Bulletin-CVE-2015-3869]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. [NIST-CVE-2015-3869]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3869]
Fixed on: 2015-08-06 [ANDROID-23036083]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3869] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3869]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3870

(json)

CVE numbers: CVE-2015-3870 [Bulletin-CVE-2015-3870]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. [NIST-CVE-2015-3870]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3870]
Fixed on: 2015-06-25 [ANDROID-22771132]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3870] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3870]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3871

(json)

CVE numbers: CVE-2015-3871 [Bulletin-CVE-2015-3871]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. [NIST-CVE-2015-3871]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3871]
Fixed on: 2015-08-03 [ANDROID-23031033]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3871] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3871]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3872

(json)

CVE numbers: CVE-2015-3872 [Bulletin-CVE-2015-3872]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. [NIST-CVE-2015-3872]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3872]
Fixed on: 2015-08-19 [ANDROID-23346388]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3872] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3872]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3873

(json)

CVE numbers: CVE-2015-3873 [Bulletin-CVE-2015-3873]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. [NIST-CVE-2015-3873]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3873]
Fixed on: 2015-08-18 [ANDROID-23247055]
Fix released on: Unknown
Affected versions: 5.1 and below, 5.0 and 5.1 [Bulletin-CVE-2015-3873] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3873]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3874

(json)

CVE numbers: CVE-2015-3874 [Bulletin-CVE-2015-3874]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Sonivox
Details: The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. [NIST-CVE-2015-3874]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3874]
Fixed on: 2015-08-21 [2]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3874] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3874]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3875

(json)

CVE numbers: CVE-2015-3875 [Bulletin-CVE-2015-3875]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. [NIST-CVE-2015-3875]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3875]
Fixed on: 2015-08-18 [ANDROID-22952485]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3875] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3875]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3876

(json)

CVE numbers: CVE-2015-3876 [Bulletin-CVE-2015-3876]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. [NIST-CVE-2015-3876]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3876]
Fixed on: 2015-08-15 [ANDROID-23285192]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3876] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3876]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-3877

(json)

CVE numbers: CVE-2015-3877 [Bulletin-CVE-2015-3877]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Skia
Details: Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. [NIST-CVE-2015-3877]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3877]
Fixed on: 2015-04-16 [ANDROID-20723696]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3877] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3877]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-5706

(json)

CVE numbers: CVE-2015-5706 [Bulletin-CVE-2015-5706]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. [NIST-CVE-2015-5706]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2015-5706]
Fixed on: 2015-05-08 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-5706]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-6598

(json)

CVE numbers: CVE-2015-6598 [Bulletin-CVE-2015-6598]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. [NIST-CVE-2015-6598]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6598]
Fixed on: 2015-08-18 [ANDROID-23306638]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6598] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6598]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6599

(json)

CVE numbers: CVE-2015-6599 [Bulletin-CVE-2015-6599]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. [NIST-CVE-2015-6599]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6599]
Fixed on: 2015-08-21 [ANDROID-23416608]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6599] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6599]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6600

(json)

CVE numbers: CVE-2015-6600 [Bulletin-CVE-2015-6600]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. [NIST-CVE-2015-6600]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6600]
Fixed on: 2015-08-04 [ANDROID-22882938]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6600] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6600]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6601

(json)

CVE numbers: CVE-2015-6601 [Bulletin-CVE-2015-6601]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. [NIST-CVE-2015-6601]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6601]
Fixed on: 2015-06-04 [ANDROID-22935234]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6601] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6601]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6602

(json)

CVE numbers: CVE-2015-6602 [Bulletin-CVE-2015-6602]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. [NIST-CVE-2015-6602]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6602]
Fixed on: 2015-08-20 [ANDROID-23290056]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6602] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6602]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6603

(json)

CVE numbers: CVE-2015-6603 [Bulletin-CVE-2015-6603]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. [NIST-CVE-2015-6603]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6603]
Fixed on: 2015-08-14 [ANDROID-23227354]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6603] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6603]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6604

(json)

CVE numbers: CVE-2015-6604 [Bulletin-CVE-2015-6604]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libstagefright
Details: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. [NIST-CVE-2015-6604]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6604]
Fixed on: 2015-08-12 [ANDROID-23129786]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6604] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6604]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6608

(json)

CVE numbers: CVE-2015-6608 [Bulletin-CVE-2015-6608]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Mediaserver
Details: mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. [NIST-CVE-2015-6608]
Discovered by: on: Unknown
Reported on: 2015-11-01 [Bulletin-CVE-2015-6608]
Fixed on: 2015-09-08 [ANDROID-23876444]
Fix released on: Unknown
Affected versions: 5.0, 5.1, 6.0, 4.4, 5.0, 5.1, 6.0, 4.4 and 5.1, 5.0, 5.1, 6.0 [Bulletin-CVE-2015-6608] regex: (5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])|(4.4.[0-9])|(5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])|(4.4.[0-9])|(5.1.[0-9])|(5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6608]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6609

(json)

CVE numbers: CVE-2015-6609 [Bulletin-CVE-2015-6609]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in libutils
Details: libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. [NIST-CVE-2015-6609]
Discovered by: on: Unknown
Reported on: 2015-11-01 [Bulletin-CVE-2015-6609]
Fixed on: 2015-09-02 [ANDROID-22953624]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6609] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6609]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6616

(json)

CVE numbers: CVE-2015-6616 [Bulletin-CVE-2015-6616]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Mediaserver
Details: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507. [NIST-CVE-2015-6616]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6616]
Fixed on: 2015-10-05 [ANDROID-24630158]
Fix released on: Unknown
Affected versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6616]
Fixed versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6617

(json)

CVE numbers: CVE-2015-6617 [Bulletin-CVE-2015-6617]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Skia
Details: Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. [NIST-CVE-2015-6617]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6617]
Fixed on: 2015-08-06 [ANDROID-23648740]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6617] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6617]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6617]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6619

(json)

CVE numbers: CVE-2015-6619 [Bulletin-CVE-2015-6619]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege in Kernel
Details: The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. [NIST-CVE-2015-6619]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6619]
Fixed on: 2015-09-22 [ANDROID-23520714]
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6619] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6619]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6619]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6633

(json)

CVE numbers: CVE-2015-6633 [Bulletin-CVE-2015-6633]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Display Driver
Details: The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. [NIST-CVE-2015-6633]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6633]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 6.0 and below [Bulletin-CVE-2015-6633] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6633]
Fixed versions: 6.0 and below [Bulletin-CVE-2015-6633]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6634

(json)

CVE numbers: CVE-2015-6634 [Bulletin-CVE-2015-6634]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in Display Driver
Details: The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. [NIST-CVE-2015-6634]
Discovered by: on: Unknown
Reported on: 2015-12-01 [Bulletin-CVE-2015-6634]
Fixed on: 2015-10-16 [ANDROID-24163261]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6634] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6634]
Fixed versions: 5.1 and below [Bulletin-CVE-2015-6634]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6636

(json)

CVE numbers: CVE-2015-6636 [Bulletin-CVE-2015-6636]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. [NIST-CVE-2015-6636]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6636]
Fixed on: 2015-10-27 [ANDROID-25070493]
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6636] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6636]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6636]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6637

(json)

CVE numbers: CVE-2015-6637 [Bulletin-CVE-2015-6637]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in misc-sd driver
Details: The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. [NIST-CVE-2015-6637]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6637]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6637] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6637]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6637]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6638

(json)

CVE numbers: CVE-2015-6638 [Bulletin-CVE-2015-6638]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in the Imagination Technologies driver
Details: The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. [NIST-CVE-2015-6638]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6638]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6638] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6638]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6638]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6639

(json)

CVE numbers: CVE-2015-6639 [Bulletin-CVE-2015-6639]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerabilities in Trustzone
Details: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. [NIST-CVE-2015-6639]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6639]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6639] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6639]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6639]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6640

(json)

CVE numbers: CVE-2015-6640 [Bulletin-CVE-2015-6640]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel
Details: The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. [NIST-CVE-2015-6640]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6640]
Fixed on: 2014-08-05 [ANDROID-20017123]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0 [Bulletin-CVE-2015-6640] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6640]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0 [Bulletin-CVE-2015-6640]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6647

(json)

CVE numbers: CVE-2015-6647 [Bulletin-CVE-2015-6647]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerabilities in Trustzone
Details: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. [NIST-CVE-2015-6647]
Discovered by: on: Unknown
Reported on: 2016-01-01 [Bulletin-CVE-2015-6647]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6647] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6647]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6647]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-7555

(json)

CVE numbers: CVE-2015-7555 [Bulletin-CVE-2015-7555]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in GIFLIB
Details: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. [NIST-CVE-2015-7555]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2015-7555]
Fixed on: 2017-03-13 [A-34697653]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2015-7555] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-7555]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2015-7555]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-8816

(json)

CVE numbers: CVE-2015-8816 [Bulletin-CVE-2015-8816]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in USB driver
Details: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. [NIST-CVE-2015-8816]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2015-8816]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8816]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8892

(json)

CVE numbers: CVE-2015-8892 [Bulletin-CVE-2015-8892]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm components
Details: platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998. [NIST-CVE-2015-8892]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2015-8892]
Fixed on: 2015-09-08 [QC-CR902998]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-8892]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8961

(json)

CVE numbers: CVE-2015-8961 [Bulletin-CVE-2015-8961]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. [NIST-CVE-2015-8961]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2015-8961]
Fixed on: 2015-10-17 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8961]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8962

(json)

CVE numbers: CVE-2015-8962 [Bulletin-CVE-2015-8962]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel SCSI driver
Details: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. [NIST-CVE-2015-8962]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2015-8962]
Fixed on: 2015-10-30 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8962]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8966

(json)

CVE numbers: CVE-2015-8966 [Bulletin-CVE-2015-8966]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel
Details: arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. [NIST-CVE-2015-8966]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2015-8966]
Fixed on: 2015-12-28 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-8966]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8995

(json)

CVE numbers: CVE-2015-8995 [Bulletin-CVE-2015-8995]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-8995]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-8995]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-8995]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-8996

(json)

CVE numbers: CVE-2015-8996 [Bulletin-CVE-2015-8996]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-8996]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-8996]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-8996]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-8997

(json)

CVE numbers: CVE-2015-8997 [Bulletin-CVE-2015-8997]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-8997]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-8997]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-8997]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-8998

(json)

CVE numbers: CVE-2015-8998 [Bulletin-CVE-2015-8998]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-8998]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-8998]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-8998]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-8999

(json)

CVE numbers: CVE-2015-8999 [Bulletin-CVE-2015-8999]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file. [NIST-CVE-2015-8999]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-8999]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-8999]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9000

(json)

CVE numbers: CVE-2015-9000 [Bulletin-CVE-2015-9000]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-9000]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-9000]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9000]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9001

(json)

CVE numbers: CVE-2015-9001 [Bulletin-CVE-2015-9001]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-9001]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-9001]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9001]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9002

(json)

CVE numbers: CVE-2015-9002 [Bulletin-CVE-2015-9002]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-9002]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-9002]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9002]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9003

(json)

CVE numbers: CVE-2015-9003 [Bulletin-CVE-2015-9003]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel. [NIST-CVE-2015-9003]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2015-9003]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9003]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9005

(json)

CVE numbers: CVE-2015-9005 [Bulletin-CVE-2015-9005]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. [NIST-CVE-2015-9005]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2015-9005]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9005]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2015-9006

(json)

CVE numbers: CVE-2015-9006 [Bulletin-CVE-2015-9006]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. [NIST-CVE-2015-9006]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2015-9006]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9006]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2015-9007

(json)

CVE numbers: CVE-2015-9007 [Bulletin-CVE-2015-9007]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. [NIST-CVE-2015-9007]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2015-9007]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9007]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2015-9008

(json)

CVE numbers: CVE-2015-9008 [Bulletin-CVE-2015-9008]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689. [NIST-CVE-2015-9008]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9008]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9008]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9009

(json)

CVE numbers: CVE-2015-9009 [Bulletin-CVE-2015-9009]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600. [NIST-CVE-2015-9009]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9009]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9009]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9010

(json)

CVE numbers: CVE-2015-9010 [Bulletin-CVE-2015-9010]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101. [NIST-CVE-2015-9010]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9010]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9010]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9011

(json)

CVE numbers: CVE-2015-9011 [Bulletin-CVE-2015-9011]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882. [NIST-CVE-2015-9011]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9011]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9011]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9012

(json)

CVE numbers: CVE-2015-9012 [Bulletin-CVE-2015-9012]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691. [NIST-CVE-2015-9012]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9012]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9012]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9013

(json)

CVE numbers: CVE-2015-9013 [Bulletin-CVE-2015-9013]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251. [NIST-CVE-2015-9013]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9013]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9013]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9014

(json)

CVE numbers: CVE-2015-9014 [Bulletin-CVE-2015-9014]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750. [NIST-CVE-2015-9014]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9014]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9014]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9015

(json)

CVE numbers: CVE-2015-9015 [Bulletin-CVE-2015-9015]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. [NIST-CVE-2015-9015]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9015]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9015]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9024

(json)

CVE numbers: CVE-2015-9024 [Bulletin-CVE-2015-9024]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. [NIST-CVE-2015-9024]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9024]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9024]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9026

(json)

CVE numbers: CVE-2015-9026 [Bulletin-CVE-2015-9026]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. [NIST-CVE-2015-9026]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9026]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9026]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9027

(json)

CVE numbers: CVE-2015-9027 [Bulletin-CVE-2015-9027]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. [NIST-CVE-2015-9027]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9027]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9027]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2015-9029

(json)

CVE numbers: CVE-2015-9029 [Bulletin-CVE-2015-9029]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. [NIST-CVE-2015-9029]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2015-9029]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2015-9029]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-0728

(json)

CVE numbers: CVE-2016-0728 [Bulletin-CVE-2016-0728]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Kernel Keyring Component
Details: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. [NIST-CVE-2016-0728]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0728]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0728] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0728]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0728]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0758

(json)

CVE numbers: CVE-2016-0758 [Bulletin-CVE-2016-0758]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel ASN.1 decoder
Details: Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. [NIST-CVE-2016-0758]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-0758]
Fixed on: 2016-02-23 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0758]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0801

(json)

CVE numbers: CVE-2016-0801 [Bulletin-CVE-2016-0801]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
Details: The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. [NIST-CVE-2016-0801]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0801]
Fixed on: 2015-11-30 [ANDROID-25662029]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0801] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2016-0801]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0801]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0802

(json)

CVE numbers: CVE-2016-0802 [Bulletin-CVE-2016-0802]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
Details: The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181. [NIST-CVE-2016-0802]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0802]
Fixed on: 2015-12-09 [ANDROID-25306181]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0802] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2016-0802]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0802]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0803

(json)

CVE numbers: CVE-2016-0803 [Bulletin-CVE-2016-0803]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794. [NIST-CVE-2016-0803]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0803]
Fixed on: 2015-11-20 [ANDROID-25812794]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0803] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0803]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0803]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0804

(json)

CVE numbers: CVE-2016-0804 [Bulletin-CVE-2016-0804]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434. [NIST-CVE-2016-0804]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0804]
Fixed on: 2015-10-19 [ANDROID-25070434]
Fix released on: Unknown
Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0804] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0804]
Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0804]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0805

(json)

CVE numbers: CVE-2016-0805 [Bulletin-CVE-2016-0805]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Performance Module
Details: The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204. [NIST-CVE-2016-0805]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0805]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0805] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0805]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0805]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0806

(json)

CVE numbers: CVE-2016-0806 [Bulletin-CVE-2016-0806]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
Details: The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453. [NIST-CVE-2016-0806]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0806]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0806] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0806]
Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0806]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0807

(json)

CVE numbers: CVE-2016-0807 [Bulletin-CVE-2016-0807]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in the Debuggerd
Details: The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394. [NIST-CVE-2016-0807]
Discovered by: on: Unknown
Reported on: 2016-02-01 [Bulletin-CVE-2016-0807]
Fixed on: 2015-10-22 [ANDROID-25187394]
Fix released on: Unknown
Affected versions: 6.0 and 6.0.1 [Bulletin-CVE-2016-0807] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0807]
Fixed versions: 6.0 and 6.0.1 [Bulletin-CVE-2016-0807]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0815

(json)

CVE numbers: CVE-2016-0815 [Bulletin-CVE-2016-0815]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. [NIST-CVE-2016-0815]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0815]
Fixed on: 2016-01-12 [ANDROID-26365349]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0815] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0815]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0815]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0816

(json)

CVE numbers: CVE-2016-0816 [Bulletin-CVE-2016-0816]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. [NIST-CVE-2016-0816]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0816]
Fixed on: 2016-01-07 [ANDROID-25928803]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0816] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0816]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0816]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0818

(json)

CVE numbers: CVE-2016-0818 [Bulletin-CVE-2016-0818]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege in Conscrypt
Details: The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. [NIST-CVE-2016-0818]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0818]
Fixed on: 2015-12-20 [[2]]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0818] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0818]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0818]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0819

(json)

CVE numbers: CVE-2016-0819 [Bulletin-CVE-2016-0819]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in the Qualcomm Performance Component
Details: The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. [NIST-CVE-2016-0819]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0819]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0819] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0819]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0819]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0820

(json)

CVE numbers: CVE-2016-0820 [Bulletin-CVE-2016-0820]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in MediaTek Wi-Fi Kernel Driver
Details: The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. [NIST-CVE-2016-0820]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-0820]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 6.0.1 [Bulletin-CVE-2016-0820] regex: (6.0.1)
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-0820]
Fixed versions: 6.0.1 [Bulletin-CVE-2016-0820]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0834

(json)

CVE numbers: CVE-2016-0834 [Bulletin-CVE-2016-0834]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Media Codec
Details: An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. [NIST-CVE-2016-0834]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0834]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0834] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0834]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0834]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0835

(json)

CVE numbers: CVE-2016-0835 [Bulletin-CVE-2016-0835]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. [NIST-CVE-2016-0835]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0835]
Fixed on: 2015-12-31 [ANDROID-26070014]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0835] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0835]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0835]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0836

(json)

CVE numbers: CVE-2016-0836 [Bulletin-CVE-2016-0836]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590. [NIST-CVE-2016-0836]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0836]
Fixed on: 2015-11-24 [ANDROID-25812590]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0836] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0836]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0836]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0837

(json)

CVE numbers: CVE-2016-0837 [Bulletin-CVE-2016-0837]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. [NIST-CVE-2016-0837]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0837]
Fixed on: 2016-02-23 [ANDROID-27208621]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0837] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0837]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0837]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0838

(json)

CVE numbers: CVE-2016-0838 [Bulletin-CVE-2016-0838]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. [NIST-CVE-2016-0838]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0838]
Fixed on: 2016-01-12 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0838] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0838]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0838]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0839

(json)

CVE numbers: CVE-2016-0839 [Bulletin-CVE-2016-0839]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. [NIST-CVE-2016-0839]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0839]
Fixed on: 2015-12-03 [ANDROID-25753245]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0839] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0839]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0839]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0840

(json)

CVE numbers: CVE-2016-0840 [Bulletin-CVE-2016-0840]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350. [NIST-CVE-2016-0840]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0840]
Fixed on: 2016-02-17 [ANDROID-26399350]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0840] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0840]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0840]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0841

(json)

CVE numbers: CVE-2016-0841 [Bulletin-CVE-2016-0841]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. [NIST-CVE-2016-0841]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0841]
Fixed on: 2016-02-18 [ANDROID-26040840]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0841] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0841]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0841]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0842

(json)

CVE numbers: CVE-2016-0842 [Bulletin-CVE-2016-0842]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in libstagefright
Details: The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142. [NIST-CVE-2016-0842]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0842]
Fixed on: 2015-12-04 [ANDROID-25818142]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0842] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-0842]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0842]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0843

(json)

CVE numbers: CVE-2016-0843 [Bulletin-CVE-2016-0843]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Performance Module
Details: The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. [NIST-CVE-2016-0843]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0843]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0843] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0843]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0843]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0844

(json)

CVE numbers: CVE-2016-0844 [Bulletin-CVE-2016-0844]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm RF component
Details: The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307. [NIST-CVE-2016-0844]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-0844]
Fixed on: 2016-01-05 [ANDROID-26324307]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0844] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0844]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0844]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-10200

(json)

CVE numbers: CVE-2016-10200 [Bulletin-CVE-2016-10200]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. [NIST-CVE-2016-10200]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-10200]
Fixed on: 2016-11-18 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10200]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10229

(json)

CVE numbers: CVE-2016-10229 [Bulletin-CVE-2016-10229]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel networking subsystem
Details: udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. [NIST-CVE-2016-10229]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2016-10229]
Fixed on: 2015-12-30 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10229]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10230

(json)

CVE numbers: CVE-2016-10230 [Bulletin-CVE-2016-10230]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Qualcomm crypto engine driver
Details: A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408. [NIST-CVE-2016-10230]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2016-10230]
Fixed on: 2016-11-28 [QC-CR#1091408]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10230]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10237

(json)

CVE numbers: CVE-2016-10237 [Bulletin-CVE-2016-10237]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory. [NIST-CVE-2016-10237]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2016-10237]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10237]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10238

(json)

CVE numbers: CVE-2016-10238 [Bulletin-CVE-2016-10238]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. [NIST-CVE-2016-10238]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2016-10238]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10238]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10240

(json)

CVE numbers: CVE-2016-10240 [Bulletin-CVE-2016-10240]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10240]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10240]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2016-10241

(json)

CVE numbers: CVE-2016-10241 [Bulletin-CVE-2016-10241]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10241]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10241]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2016-10242

(json)

CVE numbers: CVE-2016-10242 [Bulletin-CVE-2016-10242]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. [NIST-CVE-2016-10242]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2016-10242]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10242]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10274

(json)

CVE numbers: CVE-2016-10274 [Bulletin-CVE-2016-10274]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek touchscreen driver
Details: An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901. [NIST-CVE-2016-10274]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2016-10274] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10274]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-10274]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10275

(json)

CVE numbers: CVE-2016-10275 [Bulletin-CVE-2016-10275]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm bootloader
Details: An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111. [NIST-CVE-2016-10275]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10275]
Fixed on: 2016-07-05 [QC-CR#1009111]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10275]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10276

(json)

CVE numbers: CVE-2016-10276 [Bulletin-CVE-2016-10276]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm bootloader
Details: An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105. [NIST-CVE-2016-10276]
Discovered by: Yang Cheng of Xiaomi Inc. [Discovery-CVE-2016-10276] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10276]
Fixed on: 2016-12-02 [QC-CR#1094105]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10276]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10277

(json)

CVE numbers: CVE-2016-10277 [Bulletin-CVE-2016-10277]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Motorola bootloader
Details: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. [NIST-CVE-2016-10277]
Discovered by: Roee Hay (@roeehay) of Aleph Research, HCL Technologies [Discovery-CVE-2016-10277] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10277]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10277]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10297

(json)

CVE numbers: CVE-2016-10297 [Bulletin-CVE-2016-10297]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. [NIST-CVE-2016-10297]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-10297]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10297]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2016-10298

(json)

CVE numbers: CVE-2016-10298 [Bulletin-CVE-2016-10298]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252. [NIST-CVE-2016-10298]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10298]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10298]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10299

(json)

CVE numbers: CVE-2016-10299 [Bulletin-CVE-2016-10299]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244. [NIST-CVE-2016-10299]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10299]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10299]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10333

(json)

CVE numbers: CVE-2016-10333 [Bulletin-CVE-2016-10333]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. [NIST-CVE-2016-10333]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10333]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10333]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10334

(json)

CVE numbers: CVE-2016-10334 [Bulletin-CVE-2016-10334]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. [NIST-CVE-2016-10334]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10334]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10334]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10335

(json)

CVE numbers: CVE-2016-10335 [Bulletin-CVE-2016-10335]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. [NIST-CVE-2016-10335]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10335]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10335]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10336

(json)

CVE numbers: CVE-2016-10336 [Bulletin-CVE-2016-10336]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. [NIST-CVE-2016-10336]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10336]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10336]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10338

(json)

CVE numbers: CVE-2016-10338 [Bulletin-CVE-2016-10338]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. [NIST-CVE-2016-10338]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10338]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10338]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10339

(json)

CVE numbers: CVE-2016-10339 [Bulletin-CVE-2016-10339]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. [NIST-CVE-2016-10339]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10339]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10339]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10340

(json)

CVE numbers: CVE-2016-10340 [Bulletin-CVE-2016-10340]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. [NIST-CVE-2016-10340]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10340]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10340]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10341

(json)

CVE numbers: CVE-2016-10341 [Bulletin-CVE-2016-10341]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. [NIST-CVE-2016-10341]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2016-10341]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10341]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-10394

(json)

CVE numbers: CVE-2016-10394 [Bulletin-CVE-2016-10394]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2016-10394]
Fixed on: Unknown
Fix released on: 2018-09-05 [Bulletin-CVE-2016-10394]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10394]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2016-1503

(json)

CVE numbers: CVE-2016-1503 [Bulletin-CVE-2016-1503]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in DHCPCD
Details: dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. [NIST-CVE-2016-1503]
Discovered by: on: Unknown
Reported on: 2016-04-02 [Bulletin-CVE-2016-1503]
Fixed on: 2016-02-11 [ANDROID-26461634]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-1503] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-1503]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-1503]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-1621

(json)

CVE numbers: CVE-2016-1621 [Bulletin-CVE-2016-1621]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libvpx
Details: libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. [NIST-CVE-2016-1621]
Discovered by: on: Unknown
Reported on: 2016-03-01 [Bulletin-CVE-2016-1621]
Fixed on: 2016-01-19 [[3]]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0 [Bulletin-CVE-2016-1621] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-1621]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0 [Bulletin-CVE-2016-1621]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2062

(json)

CVE numbers: CVE-2016-2062 [Bulletin-CVE-2016-2062]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm GPU Driver
Details: The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call. [NIST-CVE-2016-2062]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2062]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2062]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2067

(json)

CVE numbers: CVE-2016-2067 [Bulletin-CVE-2016-2067]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm GPU driver
Details: drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993. [NIST-CVE-2016-2067]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2067]
Fixed on: 2016-03-17 [QC-CR988993]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2067]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2108

(json)

CVE numbers: CVE-2016-2108 [Bulletin-CVE-2016-2108]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. [NIST-CVE-2016-2108]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2016-2108]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2016-2108]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2108]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2016-2182

(json)

CVE numbers: CVE-2016-2182 [Bulletin-CVE-2016-2182]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in OpenSSL & BoringSSL
Details: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. [NIST-CVE-2016-2182]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-2182]
Fixed on: 2016-08-22 [A-32096880]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2016-2182] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2182]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2016-2182]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-2184

(json)

CVE numbers: CVE-2016-2184 [Bulletin-CVE-2016-2184]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel sound subsystem
Details: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. [NIST-CVE-2016-2184]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-2184]
Fixed on: 2016-03-31 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2184]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2428

(json)

CVE numbers: CVE-2016-2428 [Bulletin-CVE-2016-2428]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339. [NIST-CVE-2016-2428]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2428]
Fixed on: 2016-03-21 [26751339]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2428] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2428]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2428]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2429

(json)

CVE numbers: CVE-2016-2429 [Bulletin-CVE-2016-2429]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885. [NIST-CVE-2016-2429]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2429]
Fixed on: 2016-03-11 [27211885]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2429] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2429]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2429]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2430

(json)

CVE numbers: CVE-2016-2430 [Bulletin-CVE-2016-2430]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Debuggerd
Details: libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236. [NIST-CVE-2016-2430]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2430]
Fixed on: 2016-03-23 [27299236]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2430] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2430]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2430]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2431

(json)

CVE numbers: CVE-2016-2431 [Bulletin-CVE-2016-2431]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm TrustZone
Details: The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. [NIST-CVE-2016-2431]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2431]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2431]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2432

(json)

CVE numbers: CVE-2016-2432 [Bulletin-CVE-2016-2432]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm TrustZone
Details: The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. [NIST-CVE-2016-2432]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2432]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2432]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2434

(json)

CVE numbers: CVE-2016-2434 [Bulletin-CVE-2016-2434]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090. [NIST-CVE-2016-2434]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2434]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2434]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2435

(json)

CVE numbers: CVE-2016-2435 [Bulletin-CVE-2016-2435]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988. [NIST-CVE-2016-2435]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2435]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2435]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2436

(json)

CVE numbers: CVE-2016-2436 [Bulletin-CVE-2016-2436]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111. [NIST-CVE-2016-2436]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2436]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2436]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2437

(json)

CVE numbers: CVE-2016-2437 [Bulletin-CVE-2016-2437]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822. [NIST-CVE-2016-2437]
Discovered by: on: Unknown
Reported on: 2016-05-01 [Bulletin-CVE-2016-2437]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2437]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2463

(json)

CVE numbers: CVE-2016-2463 [Bulletin-CVE-2016-2463]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerability in Mediaserver
Details: Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419. [NIST-CVE-2016-2463]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2463]
Fixed on: 2016-04-08 [27855419]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2463] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2463]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2463]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2464

(json)

CVE numbers: CVE-2016-2464 [Bulletin-CVE-2016-2464]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libwebm
Details: libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. [NIST-CVE-2016-2464]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2464]
Fixed on: 2016-01-11 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2464] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2464]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2464]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2465

(json)

CVE numbers: CVE-2016-2465 [Bulletin-CVE-2016-2465]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Video Driver
Details: The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865. [NIST-CVE-2016-2465]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2465]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2465]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2466

(json)

CVE numbers: CVE-2016-2466 [Bulletin-CVE-2016-2466]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Sound Driver
Details: The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307. [NIST-CVE-2016-2466]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2466]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2466]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2467

(json)

CVE numbers: CVE-2016-2467 [Bulletin-CVE-2016-2467]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Sound Driver
Details: The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010. [NIST-CVE-2016-2467]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2467]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2467]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2468

(json)

CVE numbers: CVE-2016-2468 [Bulletin-CVE-2016-2468]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm GPU Driver
Details: The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454. [NIST-CVE-2016-2468]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2468]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2468]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2474

(json)

CVE numbers: CVE-2016-2474 [Bulletin-CVE-2016-2474]
Coordinated disclosure?: unknown
Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
Details: The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603. [NIST-CVE-2016-2474]
Discovered by: on: Unknown
Reported on: 2016-06-01 [Bulletin-CVE-2016-2474]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2474]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2503

(json)

CVE numbers: CVE-2016-2503 [Bulletin-CVE-2016-2503]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm GPU driver
Details: The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067. [NIST-CVE-2016-2503]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2503]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2503]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2504

(json)

CVE numbers: CVE-2016-2504 [Bulletin-CVE-2016-2504]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm GPU driver
Details: The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. [NIST-CVE-2016-2504]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-2504]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2504]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2505

(json)

CVE numbers: CVE-2016-2505 [Bulletin-CVE-2016-2505]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006. [NIST-CVE-2016-2505]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2505]
Fixed on: 2016-04-28 [A-28333006]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-2505] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2505]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-2505]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2506

(json)

CVE numbers: CVE-2016-2506 [Bulletin-CVE-2016-2506]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045. [NIST-CVE-2016-2506]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2506]
Fixed on: 2016-05-13 [A-28175045]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2506] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2506]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2506]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2507

(json)

CVE numbers: CVE-2016-2507 [Bulletin-CVE-2016-2507]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266. [NIST-CVE-2016-2507]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2507]
Fixed on: 2016-05-11 [A-28532266]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2507] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2507]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2507]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2508

(json)

CVE numbers: CVE-2016-2508 [Bulletin-CVE-2016-2508]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341. [NIST-CVE-2016-2508]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-2508]
Fixed on: 2016-06-14 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2508] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-2508]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2508]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3134

(json)

CVE numbers: CVE-2016-3134 [Bulletin-CVE-2016-3134]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel netfilter subsystem
Details: The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. [NIST-CVE-2016-3134]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3134]
Fixed on: 2016-03-22 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3134]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3706

(json)

CVE numbers: CVE-2016-3706 [Bulletin-CVE-2016-3706]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. [NIST-CVE-2016-3706]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2016-3706]
Fixed on: 2016-09-09 [QC-CR#1058691]
Fix released on: 2017-12-05 [Bulletin-CVE-2016-3706]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-3706]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-3741

(json)

CVE numbers: CVE-2016-3741 [Bulletin-CVE-2016-3741]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661. [NIST-CVE-2016-3741]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3741]
Fixed on: 2016-05-24 [2]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3741] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3741]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3741]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3742

(json)

CVE numbers: CVE-2016-3742 [Bulletin-CVE-2016-3742]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659. [NIST-CVE-2016-3742]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3742]
Fixed on: 2016-04-20 [A-28165659]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3742] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3742]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3742]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3743

(json)

CVE numbers: CVE-2016-3743 [Bulletin-CVE-2016-3743]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656. [NIST-CVE-2016-3743]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3743]
Fixed on: 2016-04-21 [A-27907656]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3743] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3743]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3743]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3767

(json)

CVE numbers: CVE-2016-3767 [Bulletin-CVE-2016-3767]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek Wi-Fi driver
Details: The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526. [NIST-CVE-2016-3767]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3767]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-3767]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3768

(json)

CVE numbers: CVE-2016-3768 [Bulletin-CVE-2016-3768]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm performance component
Details: The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644. [NIST-CVE-2016-3768]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3768]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-3768]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3769

(json)

CVE numbers: CVE-2016-3769 [Bulletin-CVE-2016-3769]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA video driver
Details: The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656. [NIST-CVE-2016-3769]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3769]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-3769]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3770

(json)

CVE numbers: CVE-2016-3770 [Bulletin-CVE-2016-3770]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek drivers (Device specific)
Details: The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102. [NIST-CVE-2016-3770]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3770]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-3770]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3771

(json)

CVE numbers: CVE-2016-3771 [Bulletin-CVE-2016-3771]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek drivers (Device specific)
Details: The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102. [NIST-CVE-2016-3771]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3771]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-3771]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3772

(json)

CVE numbers: CVE-2016-3772 [Bulletin-CVE-2016-3772]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek drivers (Device specific)
Details: The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102. [NIST-CVE-2016-3772]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3772]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-3772]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3773

(json)

CVE numbers: CVE-2016-3773 [Bulletin-CVE-2016-3773]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek drivers (Device specific)
Details: The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102. [NIST-CVE-2016-3773]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3773]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-3773]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3774

(json)

CVE numbers: CVE-2016-3774 [Bulletin-CVE-2016-3774]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek drivers (Device specific)
Details: The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102. [NIST-CVE-2016-3774]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3774]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-3774]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3775

(json)

CVE numbers: CVE-2016-3775 [Bulletin-CVE-2016-3775]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279. [NIST-CVE-2016-3775]
Discovered by: on: Unknown
Reported on: 2016-07-01 [Bulletin-CVE-2016-3775]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3775]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3819

(json)

CVE numbers: CVE-2016-3819 [Bulletin-CVE-2016-3819]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562. [NIST-CVE-2016-3819]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3819]
Fixed on: 2016-06-07 [A-28533562]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3819] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3819]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3819]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3820

(json)

CVE numbers: CVE-2016-3820 [Bulletin-CVE-2016-3820]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410. [NIST-CVE-2016-3820]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3820]
Fixed on: 2016-06-01 [A-28673410]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3820] regex: (6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3820]
Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-3820]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3821

(json)

CVE numbers: CVE-2016-3821 [Bulletin-CVE-2016-3821]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152. [NIST-CVE-2016-3821]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3821]
Fixed on: 2016-06-07 [A-28166152]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3821] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3821]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3821]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3840

(json)

CVE numbers: CVE-2016-3840 [Bulletin-CVE-2016-3840]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Conscrypt
Details: Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153. [NIST-CVE-2016-3840]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3840]
Fixed on: 2016-05-12 [A-28751153]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3840] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3840]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3840]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3841

(json)

CVE numbers: CVE-2016-3841 [Bulletin-CVE-2016-3841]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking component
Details: The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. [NIST-CVE-2016-3841]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3841]
Fixed on: 2015-11-29 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3841]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3842

(json)

CVE numbers: CVE-2016-3842 [Bulletin-CVE-2016-3842]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm GPU driver
Details: The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974. [NIST-CVE-2016-3842]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3842]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-3842]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3857

(json)

CVE numbers: CVE-2016-3857 [Bulletin-CVE-2016-3857]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel
Details: The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. [NIST-CVE-2016-3857]
Discovered by: on: Unknown
Reported on: 2016-08-01 [Bulletin-CVE-2016-3857]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3857]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3861

(json)

CVE numbers: CVE-2016-3861 [Bulletin-CVE-2016-3861]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in LibUtils
Details: LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. [NIST-CVE-2016-3861]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3861]
Fixed on: 2016-06-28 [A-29250543]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 [Bulletin-CVE-2016-3861] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3861]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 [Bulletin-CVE-2016-3861]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3862

(json)

CVE numbers: CVE-2016-3862 [Bulletin-CVE-2016-3862]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469. [NIST-CVE-2016-3862]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3862]
Fixed on: 2016-07-13 [A-29270469]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3862] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3862]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3862]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3926

(json)

CVE numbers: CVE-2016-3926 [Bulletin-CVE-2016-3926]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953. [NIST-CVE-2016-3926]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-3926]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-3926]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3927

(json)

CVE numbers: CVE-2016-3927 [Bulletin-CVE-2016-3927]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244. [NIST-CVE-2016-3927]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-3927]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-3927]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3928

(json)

CVE numbers: CVE-2016-3928 [Bulletin-CVE-2016-3928]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek video driver
Details: The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384. [NIST-CVE-2016-3928]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-3928]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-3928]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3951

(json)

CVE numbers: CVE-2016-3951 [Bulletin-CVE-2016-3951]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel USB driver
Details: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. [NIST-CVE-2016-3951]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-3951]
Fixed on: 2016-03-07 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-3951]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-4429

(json)

CVE numbers: CVE-2016-4429 [Bulletin-CVE-2016-4429]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. [NIST-CVE-2016-4429]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2016-4429]
Fixed on: 2016-09-09 [QC-CR#1058691]
Fix released on: 2017-12-05 [Bulletin-CVE-2016-4429]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-4429]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-4470

(json)

CVE numbers: CVE-2016-4470 [Bulletin-CVE-2016-4470]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel security subsystem
Details: The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. [NIST-CVE-2016-4470]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-4470]
Fixed on: 2016-06-16 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-4470]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-4794

(json)

CVE numbers: CVE-2016-4794 [Bulletin-CVE-2016-4794]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel memory subsystem
Details: Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. [NIST-CVE-2016-4794]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-4794]
Fixed on: 2016-05-25 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-4794]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-5195

(json)

CVE numbers: CVE-2016-5195 [Bulletin-CVE-2016-5195]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel memory subsystem
Details: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." [NIST-CVE-2016-5195]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-5195]
Fixed on: 2016-10-13 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-5195]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-5340

(json)

CVE numbers: CVE-2016-5340 [Bulletin-CVE-2016-5340]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel shared memory subsystem
Details: The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. [NIST-CVE-2016-5340]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2016-5340]
Fixed on: 2016-06-22 [QC-CR#1008948]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-5340]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6699

(json)

CVE numbers: CVE-2016-6699 [Bulletin-CVE-2016-6699]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622. [NIST-CVE-2016-6699]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6699]
Fixed on: 2016-09-13 [A-31373622]
Fix released on: Unknown
Affected versions: 7.0 [Bulletin-CVE-2016-6699] regex: (7.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6699]
Fixed versions: 7.0 [Bulletin-CVE-2016-6699]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6700

(json)

CVE numbers: CVE-2016-6700 [Bulletin-CVE-2016-6700]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in libzipfile
Details: An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186. [NIST-CVE-2016-6700]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6700]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1 [Bulletin-CVE-2016-6700] regex: (4.4.4)|(5.0.2)|(5.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6700]
Fixed versions: 4.4.4, 5.0.2, 5.1.1 [Bulletin-CVE-2016-6700]
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6725

(json)

CVE numbers: CVE-2016-6725 [Bulletin-CVE-2016-6725]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Qualcomm crypto driver
Details: A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970. [NIST-CVE-2016-6725]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6725]
Fixed on: 2016-08-16 [QC-CR#1050970]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-6725]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6727

(json)

CVE numbers: CVE-2016-6727 [Bulletin-CVE-2016-6727]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. [NIST-CVE-2016-6727]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6727]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-6727]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6728

(json)

CVE numbers: CVE-2016-6728 [Bulletin-CVE-2016-6728]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942. [NIST-CVE-2016-6728]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6728]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6728]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6729

(json)

CVE numbers: CVE-2016-6729 [Bulletin-CVE-2016-6729]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm bootloader
Details: An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684. [NIST-CVE-2016-6729]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6729]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-6729]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6730

(json)

CVE numbers: CVE-2016-6730 [Bulletin-CVE-2016-6730]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730. [NIST-CVE-2016-6730]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6730]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6730]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6731

(json)

CVE numbers: CVE-2016-6731 [Bulletin-CVE-2016-6731]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731. [NIST-CVE-2016-6731]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6731]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6731]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6732

(json)

CVE numbers: CVE-2016-6732 [Bulletin-CVE-2016-6732]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906599. References: NVIDIA N-CVE-2016-6732. [NIST-CVE-2016-6732]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6732]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6732]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6733

(json)

CVE numbers: CVE-2016-6733 [Bulletin-CVE-2016-6733]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733. [NIST-CVE-2016-6733]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6733]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6733]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6734

(json)

CVE numbers: CVE-2016-6734 [Bulletin-CVE-2016-6734]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907120. References: NVIDIA N-CVE-2016-6734. [NIST-CVE-2016-6734]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6734]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6734]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6735

(json)

CVE numbers: CVE-2016-6735 [Bulletin-CVE-2016-6735]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30907701. References: NVIDIA N-CVE-2016-6735. [NIST-CVE-2016-6735]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6735]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6735]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6736

(json)

CVE numbers: CVE-2016-6736 [Bulletin-CVE-2016-6736]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736. [NIST-CVE-2016-6736]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6736]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6736]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6737

(json)

CVE numbers: CVE-2016-6737 [Bulletin-CVE-2016-6737]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30928456. [NIST-CVE-2016-6737]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6737]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6737]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6775

(json)

CVE numbers: CVE-2016-6775 [Bulletin-CVE-2016-6775]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775. [NIST-CVE-2016-6775]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-6775]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6775]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6776

(json)

CVE numbers: CVE-2016-6776 [Bulletin-CVE-2016-6776]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776. [NIST-CVE-2016-6776]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-6776]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6776]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6777

(json)

CVE numbers: CVE-2016-6777 [Bulletin-CVE-2016-6777]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. [NIST-CVE-2016-6777]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-6777]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6777]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6828

(json)

CVE numbers: CVE-2016-6828 [Bulletin-CVE-2016-6828]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. [NIST-CVE-2016-6828]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6828]
Fixed on: 2016-08-17 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6828]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6915

(json)

CVE numbers: CVE-2016-6915 [Bulletin-CVE-2016-6915]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA video driver
Details: Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. [NIST-CVE-2016-6915]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-6915]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6915]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6916

(json)

CVE numbers: CVE-2016-6916 [Bulletin-CVE-2016-6916]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA video driver
Details: Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer overflow. [NIST-CVE-2016-6916]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-6916]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6916]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-6917

(json)

CVE numbers: CVE-2016-6917 [Bulletin-CVE-2016-6917]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA video driver
Details: Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. [NIST-CVE-2016-6917]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-6917]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-6917]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7117

(json)

CVE numbers: CVE-2016-7117 [Bulletin-CVE-2016-7117]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel networking subsystem
Details: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. [NIST-CVE-2016-7117]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-7117]
Fixed on: 2016-03-14 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7117]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7910

(json)

CVE numbers: CVE-2016-7910 [Bulletin-CVE-2016-7910]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. [NIST-CVE-2016-7910]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7910]
Fixed on: 2016-07-29 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7910]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7911

(json)

CVE numbers: CVE-2016-7911 [Bulletin-CVE-2016-7911]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call. [NIST-CVE-2016-7911]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7911]
Fixed on: 2016-07-01 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7911]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7912

(json)

CVE numbers: CVE-2016-7912 [Bulletin-CVE-2016-7912]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel USB driver
Details: Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. [NIST-CVE-2016-7912]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7912]
Fixed on: 2016-04-14 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7912]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7913

(json)

CVE numbers: CVE-2016-7913 [Bulletin-CVE-2016-7913]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel media driver
Details: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. [NIST-CVE-2016-7913]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-7913]
Fixed on: 2016-01-28 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7913]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-8411

(json)

CVE numbers: CVE-2016-8411 [Bulletin-CVE-2016-8411]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775. [NIST-CVE-2016-8411]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-8411]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8411]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-8418

(json)

CVE numbers: CVE-2016-8418 [Bulletin-CVE-2016-8418]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Qualcomm crypto driver
Details: A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. [NIST-CVE-2016-8418]
Discovered by: Seven Shen (@lingtongshen) of Trend Micro Mobile Threat Research Team [Discovery-CVE-2016-8418] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2016-8418]
Fixed on: 2016-10-24 [QC-CR#1077457]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8418]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8422

(json)

CVE numbers: CVE-2016-8422 [Bulletin-CVE-2016-8422]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm bootloader
Details: An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31471220. References: QC-CR#979426. [NIST-CVE-2016-8422]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8422]
Fixed on: 2016-03-18 [QC-CR#979426]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8422]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8423

(json)

CVE numbers: CVE-2016-8423 [Bulletin-CVE-2016-8423]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm bootloader
Details: An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. References: QC-CR#1000546. [NIST-CVE-2016-8423]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8423]
Fixed on: 2016-05-04 [QC-CR#1000546]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8423]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8424

(json)

CVE numbers: CVE-2016-8424 [Bulletin-CVE-2016-8424]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31606947. References: N-CVE-2016-8424. [NIST-CVE-2016-8424]
Discovered by: Peter Pi (@heisecode) of Trend Micro [Discovery-CVE-2016-8424] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8424]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8424]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8425

(json)

CVE numbers: CVE-2016-8425 [Bulletin-CVE-2016-8425]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425. [NIST-CVE-2016-8425]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8425] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8425]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8425]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8426

(json)

CVE numbers: CVE-2016-8426 [Bulletin-CVE-2016-8426]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426. [NIST-CVE-2016-8426]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8426] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8426]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8426]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8427

(json)

CVE numbers: CVE-2016-8427 [Bulletin-CVE-2016-8427]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427. [NIST-CVE-2016-8427]
Discovered by: Di Shen (@returnsme) of KeenLab (@keen_lab), Tencent [Discovery-CVE-2016-8427] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8427]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8427]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8428

(json)

CVE numbers: CVE-2016-8428 [Bulletin-CVE-2016-8428]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428. [NIST-CVE-2016-8428]
Discovered by: Peter Pi (@heisecode) of Trend Micro [Discovery-CVE-2016-8428] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8428]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8428]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8429

(json)

CVE numbers: CVE-2016-8429 [Bulletin-CVE-2016-8429]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32160775. References: N-CVE-2016-8429. [NIST-CVE-2016-8429]
Discovered by: Peter Pi (@heisecode) of Trend Micro [Discovery-CVE-2016-8429] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8429]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8429]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8430

(json)

CVE numbers: CVE-2016-8430 [Bulletin-CVE-2016-8430]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32225180. References: N-CVE-2016-8430. [NIST-CVE-2016-8430]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8430] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8430]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8430]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8431

(json)

CVE numbers: CVE-2016-8431 [Bulletin-CVE-2016-8431]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431. [NIST-CVE-2016-8431]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8431] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8431]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8431]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8432

(json)

CVE numbers: CVE-2016-8432 [Bulletin-CVE-2016-8432]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432. [NIST-CVE-2016-8432]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8432] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8432]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8432]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8433

(json)

CVE numbers: CVE-2016-8433 [Bulletin-CVE-2016-8433]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek driver
Details: An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192. [NIST-CVE-2016-8433]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8433]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2016-8433]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8434

(json)

CVE numbers: CVE-2016-8434 [Bulletin-CVE-2016-8434]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm GPU driver
Details: An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855. [NIST-CVE-2016-8434]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8434]
Fixed on: 2015-02-27 [QC-CR#1081855]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8434]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8435

(json)

CVE numbers: CVE-2016-8435 [Bulletin-CVE-2016-8435]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435. [NIST-CVE-2016-8435]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8435] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8435]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8435]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8436

(json)

CVE numbers: CVE-2016-8436 [Bulletin-CVE-2016-8436]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm video driver
Details: An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860. [NIST-CVE-2016-8436]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8436]
Fixed on: 2016-05-12 [QC-CR#1007860]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8436]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8438

(json)

CVE numbers: CVE-2016-8438 [Bulletin-CVE-2016-8438]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638. [NIST-CVE-2016-8438]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8438]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8438]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2016-8442

(json)

CVE numbers: CVE-2016-8442 [Bulletin-CVE-2016-8442]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173. [NIST-CVE-2016-8442]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8442]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8442]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2016-8443

(json)

CVE numbers: CVE-2016-8443 [Bulletin-CVE-2016-8443]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. [NIST-CVE-2016-8443]
Discovered by: on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8443]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8443]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2016-8479

(json)

CVE numbers: CVE-2016-8479 [Bulletin-CVE-2016-8479]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm GPU driver
Details: An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31824853. References: QC-CR#1093687. [NIST-CVE-2016-8479]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8479] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-8479]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8479]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8482

(json)

CVE numbers: CVE-2016-8482 [Bulletin-CVE-2016-8482]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482. [NIST-CVE-2016-8482]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2016-8482] on: Unknown
Reported on: 2017-01-01 [Bulletin-CVE-2016-8482]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2016-8482]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8484

(json)

CVE numbers: CVE-2016-8484 [Bulletin-CVE-2016-8484]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575. [NIST-CVE-2016-8484]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-8484]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8484]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8485

(json)

CVE numbers: CVE-2016-8485 [Bulletin-CVE-2016-8485]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681. [NIST-CVE-2016-8485]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-8485]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8485]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8486

(json)

CVE numbers: CVE-2016-8486 [Bulletin-CVE-2016-8486]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691. [NIST-CVE-2016-8486]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-8486]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8486]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8487

(json)

CVE numbers: CVE-2016-8487 [Bulletin-CVE-2016-8487]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724. [NIST-CVE-2016-8487]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-8487]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8487]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-8488

(json)

CVE numbers: CVE-2016-8488 [Bulletin-CVE-2016-8488]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756. [NIST-CVE-2016-8488]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-8488]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8488]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-9120

(json)

CVE numbers: CVE-2016-9120 [Bulletin-CVE-2016-9120]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION driver
Details: Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. [NIST-CVE-2016-9120]
Discovered by: on: Unknown
Reported on: 2016-12-01 [Bulletin-CVE-2016-9120]
Fixed on: 2016-02-24 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-9120]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-9794

(json)

CVE numbers: CVE-2016-9794 [Bulletin-CVE-2016-9794]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel sound subsystem
Details: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. [NIST-CVE-2016-9794]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2016-9794]
Fixed on: 2016-12-12 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-9794]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-9806

(json)

CVE numbers: CVE-2016-9806 [Bulletin-CVE-2016-9806]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. [NIST-CVE-2016-9806]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-9806]
Fixed on: 2016-05-16 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-9806]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0306

(json)

CVE numbers: CVE-2017-0306 [Bulletin-CVE-2017-0306]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-34132950. References: N-CVE-2017-0306. [NIST-CVE-2017-0306]
Discovered by: Nathan Crandall (@natecray) of Tesla Motors Product Security Team [Discovery-CVE-2017-0306] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0306]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0306]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0331

(json)

CVE numbers: CVE-2017-0331 [Bulletin-CVE-2017-0331]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA video driver
Details: An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. [NIST-CVE-2017-0331]
Discovered by: Nathan Crandall (@natecray) of Tesla Motors Product Security Team [Discovery-CVE-2017-0331] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0331]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0331]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0333

(json)

CVE numbers: CVE-2017-0333 [Bulletin-CVE-2017-0333]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33899363. References: N-CVE-2017-0333. [NIST-CVE-2017-0333]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2017-0333] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0333]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0333]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0335

(json)

CVE numbers: CVE-2017-0335 [Bulletin-CVE-2017-0335]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33043375. References: N-CVE-2017-0335. [NIST-CVE-2017-0335]
Discovered by: Billy Lau of Android Security [Discovery-CVE-2017-0335] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0335]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0335]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0337

(json)

CVE numbers: CVE-2017-0337 [Bulletin-CVE-2017-0337]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-31992762. References: N-CVE-2017-0337. [NIST-CVE-2017-0337]
Discovered by: Qidan He (何淇丹) (@flanker_hqd) of KeenLab, Tencent (腾讯科恩实验室) [Discovery-CVE-2017-0337] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0337]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0337]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0338

(json)

CVE numbers: CVE-2017-0338 [Bulletin-CVE-2017-0338]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33057977. References: N-CVE-2017-0338. [NIST-CVE-2017-0338]
Discovered by: Billy Lau of Android Security [Discovery-CVE-2017-0338] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0338]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0338]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0405

(json)

CVE numbers: CVE-2017-0405 [Bulletin-CVE-2017-0405]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Surfaceflinger
Details: A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. [NIST-CVE-2017-0405]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2017-0405] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0405]
Fixed on: 2016-12-05 [A-31960359]
Fix released on: Unknown
Affected versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0405] regex: (7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0405]
Fixed versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0405]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0406

(json)

CVE numbers: CVE-2017-0406 [Bulletin-CVE-2017-0406]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. [NIST-CVE-2017-0406]
Discovered by: Zhixin Li of NSFocus [Discovery-CVE-2017-0406] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0406]
Fixed on: 2016-11-18 [2]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0406] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0406]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0406]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0407

(json)

CVE numbers: CVE-2017-0407 [Bulletin-CVE-2017-0407]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375. [NIST-CVE-2017-0407]
Discovered by: Weichao Sun (@sunblate) of Alibaba Inc. [Discovery-CVE-2017-0407] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0407]
Fixed on: 2016-11-25 [A-32873375]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0407] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0407]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0407]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0427

(json)

CVE numbers: CVE-2017-0427 [Bulletin-CVE-2017-0427]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel file system
Details: An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. [NIST-CVE-2017-0427]
Discovered by: Qidan He (何淇丹) (@flanker_hqd) of KeenLab, Tencent (腾讯科恩实验室) [Discovery-CVE-2017-0427] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0427]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0427]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0428

(json)

CVE numbers: CVE-2017-0428 [Bulletin-CVE-2017-0428]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428. [NIST-CVE-2017-0428]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2017-0428] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0428]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0428]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0429

(json)

CVE numbers: CVE-2017-0429 [Bulletin-CVE-2017-0429]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in NVIDIA GPU driver
Details: An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429. [NIST-CVE-2017-0429]
Discovered by: Yuan-Tsung Lo of C0RE Team [Discovery-CVE-2017-0429] on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0429]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-0429]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0430

(json)

CVE numbers: CVE-2017-0430 [Bulletin-CVE-2017-0430]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Broadcom Wi-Fi driver
Details: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459. [NIST-CVE-2017-0430]
Discovered by: on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0430]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-0430]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0431

(json)

CVE numbers: CVE-2017-0431 [Bulletin-CVE-2017-0431]
Coordinated disclosure?: unknown
Categories: Vulnerabilities in Qualcomm components
Details: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899. [NIST-CVE-2017-0431]
Discovered by: on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2017-0431]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-0431]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2017-0466

(json)

CVE numbers: CVE-2017-0466 [Bulletin-CVE-2017-0466]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050. [NIST-CVE-2017-0466]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0466] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0466]
Fixed on: 2016-12-20 [A-33139050]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0466] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0466]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0466]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0467

(json)

CVE numbers: CVE-2017-0467 [Bulletin-CVE-2017-0467]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932. [NIST-CVE-2017-0467]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0467] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0467]
Fixed on: 2016-12-20 [A-33250932]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0467] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0467]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0467]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0468

(json)

CVE numbers: CVE-2017-0468 [Bulletin-CVE-2017-0468]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708. [NIST-CVE-2017-0468]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0468] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0468]
Fixed on: 2016-12-20 [A-33351708]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0468] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0468]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0468]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0469

(json)

CVE numbers: CVE-2017-0469 [Bulletin-CVE-2017-0469]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635. [NIST-CVE-2017-0469]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0469] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0469]
Fixed on: 2016-12-27 [A-33450635]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0469] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0469]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0469]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0470

(json)

CVE numbers: CVE-2017-0470 [Bulletin-CVE-2017-0470]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500. [NIST-CVE-2017-0470]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0470] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0470]
Fixed on: 2015-12-18 [A-33818500]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0470] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0470]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0470]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0471

(json)

CVE numbers: CVE-2017-0471 [Bulletin-CVE-2017-0471]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782. [NIST-CVE-2017-0471]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0471] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0471]
Fixed on: 2017-01-13 [A-33816782]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0471] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0471]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0471]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0472

(json)

CVE numbers: CVE-2017-0472 [Bulletin-CVE-2017-0472]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021. [NIST-CVE-2017-0472]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0472] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0472]
Fixed on: 2017-01-13 [A-33862021]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0472] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0472]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0472]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0473

(json)

CVE numbers: CVE-2017-0473 [Bulletin-CVE-2017-0473]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658. [NIST-CVE-2017-0473]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0473] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0473]
Fixed on: 2017-01-16 [A-33982658]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0473] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0473]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0473]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0474

(json)

CVE numbers: CVE-2017-0474 [Bulletin-CVE-2017-0474]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224. [NIST-CVE-2017-0474]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0474]
Fixed on: 2016-11-29 [A-32589224]
Fix released on: Unknown
Affected versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0474] regex: (7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0474]
Fixed versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0474]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0475

(json)

CVE numbers: CVE-2017-0475 [Bulletin-CVE-2017-0475]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in recovery verifier
Details: An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369. [NIST-CVE-2017-0475]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0475] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0475]
Fixed on: 2016-12-16 [A-31914369]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0475] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0475]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0475]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0500

(json)

CVE numbers: CVE-2017-0500 [Bulletin-CVE-2017-0500]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek components
Details: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006. [NIST-CVE-2017-0500]
Discovered by: pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0500] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0500]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2017-0500]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0501

(json)

CVE numbers: CVE-2017-0501 [Bulletin-CVE-2017-0501]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek components
Details: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983. [NIST-CVE-2017-0501]
Discovered by: pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0501] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0501]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2017-0501]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0502

(json)

CVE numbers: CVE-2017-0502 [Bulletin-CVE-2017-0502]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek components
Details: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027. [NIST-CVE-2017-0502]
Discovered by: pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0502] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0502]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2017-0502]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0503

(json)

CVE numbers: CVE-2017-0503 [Bulletin-CVE-2017-0503]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek components
Details: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075. [NIST-CVE-2017-0503]
Discovered by: pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0503] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0503]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2017-0503]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0504

(json)

CVE numbers: CVE-2017-0504 [Bulletin-CVE-2017-0504]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek components
Details: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371. [NIST-CVE-2017-0504]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2017-0504] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0504]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2017-0504]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0505

(json)

CVE numbers: CVE-2017-0505 [Bulletin-CVE-2017-0505]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek components
Details: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31822282. References: M-ALPS02992041. [NIST-CVE-2017-0505]
Discovered by: salls (@chris_salls) of Shellphish Grill Team, UC Santa Barbara [Discovery-CVE-2017-0505] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0505]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2017-0505]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0506

(json)

CVE numbers: CVE-2017-0506 [Bulletin-CVE-2017-0506]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in MediaTek components
Details: An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32276718. References: M-ALPS03006904. [NIST-CVE-2017-0506]
Discovered by: Yang Song of Alibaba Mobile Security Group [Discovery-CVE-2017-0506] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0506]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2017-0506]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0507

(json)

CVE numbers: CVE-2017-0507 [Bulletin-CVE-2017-0507]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382. [NIST-CVE-2017-0507]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0507]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0507]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0508

(json)

CVE numbers: CVE-2017-0508 [Bulletin-CVE-2017-0508]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33940449. [NIST-CVE-2017-0508]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0508]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0508]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0509

(json)

CVE numbers: CVE-2017-0509 [Bulletin-CVE-2017-0509]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Broadcom Wi-Fi driver
Details: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688. [NIST-CVE-2017-0509]
Discovered by: pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0509] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0509]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-0509]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0510

(json)

CVE numbers: CVE-2017-0510 [Bulletin-CVE-2017-0510]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel FIQ debugger
Details: An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555. [NIST-CVE-2017-0510]
Discovered by: Sagi Kedmi of IBM Security X-Force Research [Discovery-CVE-2017-0510] on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2017-0510]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0510]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0538

(json)

CVE numbers: CVE-2017-0538 [Bulletin-CVE-2017-0538]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588. [NIST-CVE-2017-0538]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0538] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0538]
Fixed on: 2017-01-05 [A-33641588]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0538] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0538]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0538]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0539

(json)

CVE numbers: CVE-2017-0539 [Bulletin-CVE-2017-0539]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300. [NIST-CVE-2017-0539]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0539] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0539]
Fixed on: 2017-01-13 [A-33864300]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0539] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0539]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0539]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0540

(json)

CVE numbers: CVE-2017-0540 [Bulletin-CVE-2017-0540]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031. [NIST-CVE-2017-0540]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0540] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0540]
Fixed on: 2017-04-22 [A-33966031]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0540] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0540]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0540]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0541

(json)

CVE numbers: CVE-2017-0541 [Bulletin-CVE-2017-0541]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018. [NIST-CVE-2017-0541]
Discovered by: Jianjun Dai (@Jioun_dai) of Qihoo 360 Skyeye Labs [Discovery-CVE-2017-0541] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0541]
Fixed on: 2017-02-07 [A-34031018]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0541] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0541]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0541]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0542

(json)

CVE numbers: CVE-2017-0542 [Bulletin-CVE-2017-0542]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. [NIST-CVE-2017-0542]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0542]
Fixed on: 2016-12-23 [A-33934721]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0542] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0542]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0542]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0543

(json)

CVE numbers: CVE-2017-0543 [Bulletin-CVE-2017-0543]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866. [NIST-CVE-2017-0543]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0543]
Fixed on: 2016-12-15 [A-34097866]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0543] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0543]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0543]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0561

(json)

CVE numbers: CVE-2017-0561 [Bulletin-CVE-2017-0561]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Broadcom Wi-Fi firmware
Details: A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. [NIST-CVE-2017-0561]
Discovered by: Gal Beniamini of Project Zero [Discovery-CVE-2017-0561] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0561]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-0561]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0563

(json)

CVE numbers: CVE-2017-0563 [Bulletin-CVE-2017-0563]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in HTC touchscreen driver
Details: An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. [NIST-CVE-2017-0563]
Discovered by: Roee Hay (@roeehay) of Aleph Research, HCL Technologies [Discovery-CVE-2017-0563] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0563]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: HTC [Bulletin-CVE-2017-0563]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0564

(json)

CVE numbers: CVE-2017-0564 [Bulletin-CVE-2017-0564]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel ION subsystem
Details: An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. [NIST-CVE-2017-0564]
Discovered by: Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0564] on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2017-0564]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0564]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-30

CVE-2017-0587

(json)

CVE numbers: CVE-2017-0587 [Bulletin-CVE-2017-0587]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737. [NIST-CVE-2017-0587]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0587] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0587]
Fixed on: 2016-06-01 [A-35219737]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0587] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0587]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0587]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0588

(json)

CVE numbers: CVE-2017-0588 [Bulletin-CVE-2017-0588]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607. [NIST-CVE-2017-0588]
Discovered by: Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. [Discovery-CVE-2017-0588] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0588]
Fixed on: 2017-03-10 [A-34618607]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0588] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0588]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0588]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0589

(json)

CVE numbers: CVE-2017-0589 [Bulletin-CVE-2017-0589]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036. [NIST-CVE-2017-0589]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0589] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0589]
Fixed on: 2017-03-06 [A-34897036]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0589] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0589]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0589]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0590

(json)

CVE numbers: CVE-2017-0590 [Bulletin-CVE-2017-0590]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946. [NIST-CVE-2017-0590]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0590] on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0590]
Fixed on: 2017-01-13 [A-35039946]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0590] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0590]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0590]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0591

(json)

CVE numbers: CVE-2017-0591 [Bulletin-CVE-2017-0591]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672. [NIST-CVE-2017-0591]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0591]
Fixed on: 2016-12-15 [A-34097672]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0591] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0591]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0591]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0592

(json)

CVE numbers: CVE-2017-0592 [Bulletin-CVE-2017-0592]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in Mediaserver
Details: A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788. [NIST-CVE-2017-0592]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0592]
Fixed on: 2016-10-24 [A-34970788]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0592] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0592]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0592]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0604

(json)

CVE numbers: CVE-2017-0604 [Bulletin-CVE-2017-0604]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in Qualcomm power driver
Details: An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589. [NIST-CVE-2017-0604]
Discovered by: on: Unknown
Reported on: 2017-05-01 [Bulletin-CVE-2017-0604]
Fixed on: 2015-04-20 [QC-CR#826589]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-0604]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0637

(json)

CVE numbers: CVE-2017-0637 [Bulletin-CVE-2017-0637]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500. [NIST-CVE-2017-0637]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0637] on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2017-0637]
Fixed on: 2017-03-31 [A-34064500]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0637] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0637]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0637]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0673

(json)

CVE numbers: CVE-2017-0673 [Bulletin-CVE-2017-0673]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623. [NIST-CVE-2017-0673]
Discovered by: on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0673]
Fixed on: 2016-12-30 [A-33974623]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0673] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0673]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0673]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0674

(json)

CVE numbers: CVE-2017-0674 [Bulletin-CVE-2017-0674]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163. [NIST-CVE-2017-0674]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0674] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0674]
Fixed on: 2017-04-05 [A-34231163]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0674] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0674]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0674]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0675

(json)

CVE numbers: CVE-2017-0675 [Bulletin-CVE-2017-0675]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. [NIST-CVE-2017-0675]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0675] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0675]
Fixed on: 2017-04-05 [2]
Fix released on: Unknown
Affected versions: 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0675] regex: (6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0675]
Fixed versions: 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0675]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0676

(json)

CVE numbers: CVE-2017-0676 [Bulletin-CVE-2017-0676]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431. [NIST-CVE-2017-0676]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0676] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0676]
Fixed on: 2017-04-05 [A-34896431]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0676] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0676]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0676]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0677

(json)

CVE numbers: CVE-2017-0677 [Bulletin-CVE-2017-0677]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074. [NIST-CVE-2017-0677]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0677] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0677]
Fixed on: 2017-03-20 [A-36035074]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0677] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0677]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0677]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0678

(json)

CVE numbers: CVE-2017-0678 [Bulletin-CVE-2017-0678]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151. [NIST-CVE-2017-0678]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0678] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0678]
Fixed on: 2017-05-15 [A-36576151]
Fix released on: Unknown
Affected versions: 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0678] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0678]
Fixed versions: 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0678]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0679

(json)

CVE numbers: CVE-2017-0679 [Bulletin-CVE-2017-0679]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978. [NIST-CVE-2017-0679]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0679] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0679]
Fixed on: 2017-05-08 [A-36996978]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0679] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0679]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0679]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0680

(json)

CVE numbers: CVE-2017-0680 [Bulletin-CVE-2017-0680]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096. [NIST-CVE-2017-0680]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0680] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0680]
Fixed on: 2017-02-10 [A-37008096]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0680] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0680]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0680]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0681

(json)

CVE numbers: CVE-2017-0681 [Bulletin-CVE-2017-0681]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566. [NIST-CVE-2017-0681]
Discovered by: Xuxian Jiang of C0RE Team [Discovery-CVE-2017-0681] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-0681]
Fixed on: 2017-05-11 [A-37208566]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0681] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0681]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0681]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0714

(json)

CVE numbers: CVE-2017-0714 [Bulletin-CVE-2017-0714]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637. [NIST-CVE-2017-0714]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0714] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0714]
Fixed on: 2017-05-19 [A-36492637]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0714] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0714]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0714]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0715

(json)

CVE numbers: CVE-2017-0715 [Bulletin-CVE-2017-0715]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372. [NIST-CVE-2017-0715]
Discovered by: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro [Discovery-CVE-2017-0715] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0715]
Fixed on: 2017-05-08 [A-36998372]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0715] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0715]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0715]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0716

(json)

CVE numbers: CVE-2017-0716 [Bulletin-CVE-2017-0716]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196. [NIST-CVE-2017-0716]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0716] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0716]
Fixed on: 2017-05-12 [A-37203196]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0716] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0716]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0716]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0718

(json)

CVE numbers: CVE-2017-0718 [Bulletin-CVE-2017-0718]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547. [NIST-CVE-2017-0718]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0718] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0718]
Fixed on: 2017-05-30 [A-37273547]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0718] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0718]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0718]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0719

(json)

CVE numbers: CVE-2017-0719 [Bulletin-CVE-2017-0719]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673. [NIST-CVE-2017-0719]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0719] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0719]
Fixed on: 2017-04-20 [A-37273673]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0719] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0719]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0719]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0720

(json)

CVE numbers: CVE-2017-0720 [Bulletin-CVE-2017-0720]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213. [NIST-CVE-2017-0720]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0720] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0720]
Fixed on: 2017-05-23 [A-37430213]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0720] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0720]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0720]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0721

(json)

CVE numbers: CVE-2017-0721 [Bulletin-CVE-2017-0721]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455. [NIST-CVE-2017-0721]
Discovered by: on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0721]
Fixed on: 2017-04-21 [A-37561455]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0721] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0721]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0721]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0722

(json)

CVE numbers: CVE-2017-0722 [Bulletin-CVE-2017-0722]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827. [NIST-CVE-2017-0722]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0722] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0722]
Fixed on: 2017-05-19 [A-37660827]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0722] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0722]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0722]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0723

(json)

CVE numbers: CVE-2017-0723 [Bulletin-CVE-2017-0723]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. [NIST-CVE-2017-0723]
Discovered by: on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0723]
Fixed on: 2017-04-21 [A-37968755]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0723] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0723]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0723]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0745

(json)

CVE numbers: CVE-2017-0745 [Bulletin-CVE-2017-0745]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296. [NIST-CVE-2017-0745]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0745] on: Unknown
Reported on: 2017-08-01 [Bulletin-CVE-2017-0745]
Fixed on: 2017-05-18 [A-37079296]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0745] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0745]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0745]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0756

(json)

CVE numbers: CVE-2017-0756 [Bulletin-CVE-2017-0756]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. [NIST-CVE-2017-0756]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0756]
Fixed on: 2017-03-10 [A-34621073]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0756] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0756]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0756]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0757

(json)

CVE numbers: CVE-2017-0757 [Bulletin-CVE-2017-0757]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. [NIST-CVE-2017-0757]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-0757] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0757]
Fixed on: 2017-06-01 [A-36006815]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0757] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0757]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0757]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0758

(json)

CVE numbers: CVE-2017-0758 [Bulletin-CVE-2017-0758]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. [NIST-CVE-2017-0758]
Discovered by: Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0758] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0758]
Fixed on: 2017-06-02 [A-36492741]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0758] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0758]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0758]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0759

(json)

CVE numbers: CVE-2017-0759 [Bulletin-CVE-2017-0759]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. [NIST-CVE-2017-0759]
Discovered by: Weichao Sun (@sunblate) of Alibaba Inc. [Discovery-CVE-2017-0759] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0759]
Fixed on: 2017-04-13 [A-36715268]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0759] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0759]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0759]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0760

(json)

CVE numbers: CVE-2017-0760 [Bulletin-CVE-2017-0760]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. [NIST-CVE-2017-0760]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0760] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0760]
Fixed on: 2017-05-30 [A-37237396]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0760] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0760]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0760]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0761

(json)

CVE numbers: CVE-2017-0761 [Bulletin-CVE-2017-0761]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. [NIST-CVE-2017-0761]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0761] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0761]
Fixed on: 2017-06-16 [A-38448381]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0761] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0761]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0761]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0762

(json)

CVE numbers: CVE-2017-0762 [Bulletin-CVE-2017-0762]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. [NIST-CVE-2017-0762]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0762]
Fixed on: 2017-05-17 [A-62214264]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0762] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0762]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2017-0762]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0763

(json)

CVE numbers: CVE-2017-0763 [Bulletin-CVE-2017-0763]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. [NIST-CVE-2017-0763]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0763]
Fixed on: 2017-06-22 [A-62534693]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0763] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0763]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0763]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0764

(json)

CVE numbers: CVE-2017-0764 [Bulletin-CVE-2017-0764]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. [NIST-CVE-2017-0764]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0764] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0764]
Fixed on: 2017-07-13 [A-62872015]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0764] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0764]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0764]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0765

(json)

CVE numbers: CVE-2017-0765 [Bulletin-CVE-2017-0765]
Coordinated disclosure?: unknown
Categories: Media Framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. [NIST-CVE-2017-0765]
Discovered by: Xuxian Jiang of C0RE Team [Discovery-CVE-2017-0765] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0765]
Fixed on: 2017-07-10 [A-62872863]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0765] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0765]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0765]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0781

(json)

CVE numbers: CVE-2017-0781 [Bulletin-CVE-2017-0781]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. [NIST-CVE-2017-0781]
Discovered by: Gregory Vishnepolsky of Armis, Inc. [Discovery-CVE-2017-0781] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0781]
Fixed on: 2017-07-17 [2]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0781] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0781]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0781]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0782

(json)

CVE numbers: CVE-2017-0782 [Bulletin-CVE-2017-0782]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. [NIST-CVE-2017-0782]
Discovered by: Gregory Vishnepolsky of Armis, Inc. [Discovery-CVE-2017-0782] on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-0782]
Fixed on: 2017-07-17 [3]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0782] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0782]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0782]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0809

(json)

CVE numbers: CVE-2017-0809 [Bulletin-CVE-2017-0809]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128. [NIST-CVE-2017-0809]
Discovered by: on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-0809]
Fixed on: 2017-06-27 [A-62673128]
Fix released on: Unknown
Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0809] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0809]
Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0809]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0810

(json)

CVE numbers: CVE-2017-0810 [Bulletin-CVE-2017-0810]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066. [NIST-CVE-2017-0810]
Discovered by: on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-0810]
Fixed on: 2017-06-09 [A-38207066]
Fix released on: Unknown
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0810] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0810]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0810]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0811

(json)

CVE numbers: CVE-2017-0811 [Bulletin-CVE-2017-0811]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177. [NIST-CVE-2017-0811]
Discovered by: on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-0811]
Fixed on: 2017-05-03 [A-37930177]
Fix released on: Unknown
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0811] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0811]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0811]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0832

(json)

CVE numbers: CVE-2017-0832 [Bulletin-CVE-2017-0832]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820. [NIST-CVE-2017-0832]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0832]
Fixed on: 2017-06-09 [A-62887820]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0832]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0832] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0832]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0832]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0833

(json)

CVE numbers: CVE-2017-0833 [Bulletin-CVE-2017-0833]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384. [NIST-CVE-2017-0833]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0833]
Fixed on: 2017-06-22 [A-62896384]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0833]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0833] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0833]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0833]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0834

(json)

CVE numbers: CVE-2017-0834 [Bulletin-CVE-2017-0834]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953. [NIST-CVE-2017-0834]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0834]
Fixed on: 2017-06-27 [A-63125953]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0834]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0834] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0834]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0834]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0835

(json)

CVE numbers: CVE-2017-0835 [Bulletin-CVE-2017-0835]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832. [NIST-CVE-2017-0835]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0835]
Fixed on: 2017-06-09 [A-63316832]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0835]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0835] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0835]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0835]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0836

(json)

CVE numbers: CVE-2017-0836 [Bulletin-CVE-2017-0836]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226. [NIST-CVE-2017-0836]
Discovered by: Mingjian Zhou (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2017-0836] on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0836]
Fixed on: 2017-08-31 [A-64893226]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0836]
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0836] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0836]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0836]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0841

(json)

CVE numbers: CVE-2017-0841 [Bulletin-CVE-2017-0841]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. [NIST-CVE-2017-0841]
Discovered by: Jose Martinez [Discovery-CVE-2017-0841] on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-0841]
Fixed on: 2017-08-14 [A-37723026]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-0841]
Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0841] regex: (5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0841]
Fixed versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0841]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0872

(json)

CVE numbers: CVE-2017-0872 [Bulletin-CVE-2017-0872]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323. [NIST-CVE-2017-0872]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0872]
Fixed on: 2017-09-27 [A-65290323]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0872]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0872] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0872]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-0872]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0876

(json)

CVE numbers: CVE-2017-0876 [Bulletin-CVE-2017-0876]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675. [NIST-CVE-2017-0876]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0876]
Fixed on: Unknown
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0876]
Affected versions: 6.0 [Bulletin-CVE-2017-0876] regex: (6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0876]
Fixed versions: 6.0 [Bulletin-CVE-2017-0876]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0877

(json)

CVE numbers: CVE-2017-0877 [Bulletin-CVE-2017-0877]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937. [NIST-CVE-2017-0877]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0877]
Fixed on: Unknown
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0877]
Affected versions: 6.0 [Bulletin-CVE-2017-0877] regex: (6.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0877]
Fixed versions: 6.0 [Bulletin-CVE-2017-0877]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0878

(json)

CVE numbers: CVE-2017-0878 [Bulletin-CVE-2017-0878]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291. [NIST-CVE-2017-0878]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-0878]
Fixed on: 2017-08-29 [A-65186291]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-0878]
Affected versions: 8.0 [Bulletin-CVE-2017-0878] regex: (8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-0878]
Fixed versions: 8.0 [Bulletin-CVE-2017-0878]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11004

(json)

CVE numbers: CVE-2017-11004 [Bulletin-CVE-2017-11004]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. [NIST-CVE-2017-11004]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2017-11004]
Fixed on: Unknown
Fix released on: 2018-12-05 [Bulletin-CVE-2017-11004]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-11004]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-11013

(json)

CVE numbers: CVE-2017-11013 [Bulletin-CVE-2017-11013]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against "pIe->arraybound". [NIST-CVE-2017-11013]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-11013]
Fixed on: 2017-06-30 [QC-CR#2058261]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-11013]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-11013]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11014

(json)

CVE numbers: CVE-2017-11014 [Bulletin-CVE-2017-11014]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur. [NIST-CVE-2017-11014]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-11014]
Fixed on: 2017-07-05 [QC-CR#2060959]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-11014]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-11014]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11015

(json)

CVE numbers: CVE-2017-11015 [Bulletin-CVE-2017-11015]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver can not handle challenge text larger than 128 bytes. [NIST-CVE-2017-11015]
Discovered by: on: Unknown
Reported on: 2017-11-01 [Bulletin-CVE-2017-11015]
Fixed on: 2017-07-05 [QC-CR#2060959]
Fix released on: 2017-11-06 [Bulletin-CVE-2017-11015]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-11015]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11041

(json)

CVE numbers: CVE-2017-11041 [Bulletin-CVE-2017-11041]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. [NIST-CVE-2017-11041]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-11041]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-11041]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11043

(json)

CVE numbers: CVE-2017-11043 [Bulletin-CVE-2017-11043]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur. [NIST-CVE-2017-11043]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-11043]
Fixed on: 2017-07-12 [QC-CR#2067820]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-11043]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-11043]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11053

(json)

CVE numbers: CVE-2017-11053 [Bulletin-CVE-2017-11053]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame(). [NIST-CVE-2017-11053]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2017-11053] on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-11053]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-11053]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11120

(json)

CVE numbers: CVE-2017-11120 [Bulletin-CVE-2017-11120]
Coordinated disclosure?: unknown
Categories: Broadcom components
Details: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. [NIST-CVE-2017-11120]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-11120]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-11120]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-11121

(json)

CVE numbers: CVE-2017-11121 [Bulletin-CVE-2017-11121]
Coordinated disclosure?: unknown
Categories: Broadcom components
Details: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. [NIST-CVE-2017-11121]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-11121]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-11121]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13151

(json)

CVE numbers: CVE-2017-13151 [Bulletin-CVE-2017-13151]
Coordinated disclosure?: unknown
Categories: Media framework
Details: A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456. [NIST-CVE-2017-13151]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-13151]
Fixed on: 2017-07-12 [A-63874456]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-13151]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13151] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13151]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13151]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13160

(json)

CVE numbers: CVE-2017-13160 [Bulletin-CVE-2017-13160]
Coordinated disclosure?: unknown
Categories: System
Details: A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. [NIST-CVE-2017-13160]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2017-13160] on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-13160]
Fixed on: 2017-04-06 [A-37160362]
Fix released on: 2017-12-05 [Bulletin-CVE-2017-13160]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13160] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13160]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0 [Bulletin-CVE-2017-13160]
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-13177

(json)

CVE numbers: CVE-2017-13177 [Bulletin-CVE-2017-13177]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413. [NIST-CVE-2017-13177]
Discovered by: on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13177]
Fixed on: 2017-10-09 [A-68320413]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13177]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13177] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13177]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13177]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2017-13178

(json)

CVE numbers: CVE-2017-13178 [Bulletin-CVE-2017-13178]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281. [NIST-CVE-2017-13178]
Discovered by: Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2017-13178] on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13178]
Fixed on: 2017-10-04 [A-66969281]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13178]
Affected versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13178] regex: (6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13178]
Fixed versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13178]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13179

(json)

CVE numbers: CVE-2017-13179 [Bulletin-CVE-2017-13179]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193. [NIST-CVE-2017-13179]
Discovered by: Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2017-13179] on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13179]
Fixed on: 2017-10-04 [A-66969193]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13179]
Affected versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13179] regex: (6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13179]
Fixed versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13179]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13208

(json)

CVE numbers: CVE-2017-13208 [Bulletin-CVE-2017-13208]
Coordinated disclosure?: unknown
Categories: System
Details: In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440. [NIST-CVE-2017-13208]
Discovered by: tintinweb [Discovery-CVE-2017-13208] on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-13208]
Fixed on: 2017-10-13 [A-67474440]
Fix released on: 2018-01-05 [Bulletin-CVE-2017-13208]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13208] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13208]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13208]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13228

(json)

CVE numbers: CVE-2017-13228 [Bulletin-CVE-2017-13228]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425. [NIST-CVE-2017-13228]
Discovered by: on: Unknown
Reported on: 2018-02-01 [Bulletin-CVE-2017-13228]
Fixed on: 2017-11-28 [A-69478425]
Fix released on: 2018-02-05 [Bulletin-CVE-2017-13228]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13228] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13228]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13228]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13230

(json)

CVE numbers: CVE-2017-13230 [Bulletin-CVE-2017-13230]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665. [NIST-CVE-2017-13230]
Discovered by: Niky1235 (@jiych_guru) [Discovery-CVE-2017-13230] on: Unknown
Reported on: 2018-02-01 [Bulletin-CVE-2017-13230]
Fixed on: 2017-07-06 [A-65483665]
Fix released on: 2018-02-05 [Bulletin-CVE-2017-13230]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2017-13230] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13230]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2017-13230]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13248

(json)

CVE numbers: CVE-2017-13248 [Bulletin-CVE-2017-13248]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612. [NIST-CVE-2017-13248]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-13248] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13248]
Fixed on: 2017-12-18 [A-70349612]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13248]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13248] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13248]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13248]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13249

(json)

CVE numbers: CVE-2017-13249 [Bulletin-CVE-2017-13249]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408. [NIST-CVE-2017-13249]
Discovered by: Vasily Vasiliev [Discovery-CVE-2017-13249] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13249]
Fixed on: 2017-08-09 [A-70399408]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13249]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13249] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13249]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13249]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13250

(json)

CVE numbers: CVE-2017-13250 [Bulletin-CVE-2017-13250]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536. [NIST-CVE-2017-13250]
Discovered by: on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13250]
Fixed on: 2017-12-27 [A-71375536]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13250]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13250] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13250]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13250]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13251

(json)

CVE numbers: CVE-2017-13251 [Bulletin-CVE-2017-13251]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702. [NIST-CVE-2017-13251]
Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13251] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13251]
Fixed on: 2017-12-28 [A-69269702]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13251]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13251] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13251]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13251]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13255

(json)

CVE numbers: CVE-2017-13255 [Bulletin-CVE-2017-13255]
Coordinated disclosure?: unknown
Categories: System
Details: In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054. [NIST-CVE-2017-13255]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13255] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13255]
Fixed on: 2018-01-09 [A-68776054]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13255]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13255] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13255]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13255]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13256

(json)

CVE numbers: CVE-2017-13256 [Bulletin-CVE-2017-13256]
Coordinated disclosure?: unknown
Categories: System
Details: In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966. [NIST-CVE-2017-13256]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13256] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13256]
Fixed on: 2018-01-09 [A-68817966]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13256]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13256] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13256]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13256]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13266

(json)

CVE numbers: CVE-2017-13266 [Bulletin-CVE-2017-13266]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941. [NIST-CVE-2017-13266]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-13266] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13266]
Fixed on: 2018-01-10 [A-69478941]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13266]
Affected versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13266] regex: (5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13266]
Fixed versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13266]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13267

(json)

CVE numbers: CVE-2017-13267 [Bulletin-CVE-2017-13267]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009. [NIST-CVE-2017-13267]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13267] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13267]
Fixed on: 2018-01-10 [A-69479009]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13267]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13267] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13267]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13267]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13272

(json)

CVE numbers: CVE-2017-13272 [Bulletin-CVE-2017-13272]
Coordinated disclosure?: unknown
Categories: System
Details: In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137. [NIST-CVE-2017-13272]
Discovered by: Wish Wu (@wish_wu 吴潍浠此彼) of Ant-financial Light-Year Security Lab [Discovery-CVE-2017-13272] on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-13272]
Fixed on: 2018-01-11 [2]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-13272]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13272] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13272]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13272]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13276

(json)

CVE numbers: CVE-2017-13276 [Bulletin-CVE-2017-13276]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599. [NIST-CVE-2017-13276]
Discovered by: Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13276] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13276]
Fixed on: 2018-01-12 [A-70637599]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13276]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13276] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13276]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13276]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13277

(json)

CVE numbers: CVE-2017-13277 [Bulletin-CVE-2017-13277]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027. [NIST-CVE-2017-13277]
Discovered by: Weichao Sun of Alibaba Inc (@sunblate) [Discovery-CVE-2017-13277] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13277]
Fixed on: 2018-01-23 [A-72165027]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13277]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13277] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13277]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13277]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13281

(json)

CVE numbers: CVE-2017-13281 [Bulletin-CVE-2017-13281]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262. [NIST-CVE-2017-13281]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13281] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13281]
Fixed on: 2018-02-09 [A-71603262]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13281]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2017-13281] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13281]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2017-13281]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13282

(json)

CVE numbers: CVE-2017-13282 [Bulletin-CVE-2017-13282]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315. [NIST-CVE-2017-13282]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13282] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13282]
Fixed on: 2018-02-02 [A-71603315]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13282]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13282] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13282]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13282]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13283

(json)

CVE numbers: CVE-2017-13283 [Bulletin-CVE-2017-13283]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410. [NIST-CVE-2017-13283]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2017-13283] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13283]
Fixed on: 2018-02-02 [A-71603410]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13283]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13283] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13283]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13283]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13284

(json)

CVE numbers: CVE-2017-13284 [Bulletin-CVE-2017-13284]
Coordinated disclosure?: unknown
Categories: System
Details: In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273. [NIST-CVE-2017-13284]
Discovered by: Jean-Baptiste Cayrou (@jbcayrou) [Discovery-CVE-2017-13284] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13284]
Fixed on: 2018-02-09 [A-70808273]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13284]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13284] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-13284]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2017-13284]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-13292

(json)

CVE numbers: CVE-2017-13292 [Bulletin-CVE-2017-13292]
Coordinated disclosure?: unknown
Categories: Broadcom components
Details: In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201. [NIST-CVE-2017-13292]
Discovered by: Daxing Guo of Tencent's Xuanwu Lab [Discovery-CVE-2017-13292] on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-13292]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2017-13292]
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-13292]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-14911

(json)

CVE numbers: CVE-2017-14911 [Bulletin-CVE-2017-14911]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config. [NIST-CVE-2017-14911]
Discovered by: on: Unknown
Reported on: 2018-01-01 [Bulletin-CVE-2017-14911]
Fixed on: Unknown
Fix released on: 2018-01-05 [Bulletin-CVE-2017-14911]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-14911]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-15815

(json)

CVE numbers: CVE-2017-15815 [Bulletin-CVE-2017-15815]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame. [NIST-CVE-2017-15815]
Discovered by: on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-15815]
Fixed on: 2017-08-31 [QC-CR#2093392]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-15815]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-15815]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-15822

(json)

CVE numbers: CVE-2017-15822 [Bulletin-CVE-2017-15822]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur. [NIST-CVE-2017-15822]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-15822]
Fixed on: 2017-10-12 [QC-CR#2123807]
Fix released on: 2018-04-05 [Bulletin-CVE-2017-15822]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-15822]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-15860

(json)

CVE numbers: CVE-2017-15860 [Bulletin-CVE-2017-15860]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur. [NIST-CVE-2017-15860]
Discovered by: on: Unknown
Reported on: 2018-02-01 [Bulletin-CVE-2017-15860]
Fixed on: 2017-07-31 [QC-CR#2082544]
Fix released on: 2018-02-05 [Bulletin-CVE-2017-15860]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-15860]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-17773

(json)

CVE numbers: CVE-2017-17773 [Bulletin-CVE-2017-17773]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. [NIST-CVE-2017-17773]
Discovered by: on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-17773]
Fixed on: Unknown
Fix released on: 2018-03-05 [Bulletin-CVE-2017-17773]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-17773]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18067

(json)

CVE numbers: CVE-2017-18067 [Bulletin-CVE-2017-18067]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow. [NIST-CVE-2017-18067]
Discovered by: on: Unknown
Reported on: 2018-03-01 [Bulletin-CVE-2017-18067]
Fixed on: 2017-07-27 [2]
Fix released on: 2018-03-05 [Bulletin-CVE-2017-18067]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18067]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18071

(json)

CVE numbers: CVE-2017-18071 [Bulletin-CVE-2017-18071]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, debug policy can potentially be bypassed. [NIST-CVE-2017-18071]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-18071]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2017-18071]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18071]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18128

(json)

CVE numbers: CVE-2017-18128 [Bulletin-CVE-2017-18128]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, improper access control while configuring MPU protecting error correction registers may potentially lead to exposure of related secured data. [NIST-CVE-2017-18128]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-18128]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2017-18128]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18128]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18141

(json)

CVE numbers: CVE-2017-18141 [Bulletin-CVE-2017-18141]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. [NIST-CVE-2017-18141]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2017-18141]
Fixed on: Unknown
Fix released on: 2018-12-05 [Bulletin-CVE-2017-18141]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18141]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18146

(json)

CVE numbers: CVE-2017-18146 [Bulletin-CVE-2017-18146]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail. [NIST-CVE-2017-18146]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-18146]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2017-18146]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18146]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18155

(json)

CVE numbers: CVE-2017-18155 [Bulletin-CVE-2017-18155]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. [NIST-CVE-2017-18155]
Discovered by: on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2017-18155]
Fixed on: Unknown
Fix released on: 2018-06-05 [Bulletin-CVE-2017-18155]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18155]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18171

(json)

CVE numbers: CVE-2017-18171 [Bulletin-CVE-2017-18171]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. [NIST-CVE-2017-18171]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2017-18171]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2017-18171]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18171]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18296

(json)

CVE numbers: CVE-2017-18296 [Bulletin-CVE-2017-18296]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. [NIST-CVE-2017-18296]
Discovered by: on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2017-18296]
Fixed on: Unknown
Fix released on: 2018-08-05 [Bulletin-CVE-2017-18296]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18296]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18305

(json)

CVE numbers: CVE-2017-18305 [Bulletin-CVE-2017-18305]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. [NIST-CVE-2017-18305]
Discovered by: on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2017-18305]
Fixed on: Unknown
Fix released on: 2018-08-05 [Bulletin-CVE-2017-18305]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18305]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18310

(json)

CVE numbers: CVE-2017-18310 [Bulletin-CVE-2017-18310]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016 [NIST-CVE-2017-18310]
Discovered by: on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2017-18310]
Fixed on: Unknown
Fix released on: 2018-08-05 [Bulletin-CVE-2017-18310]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18310]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18311

(json)

CVE numbers: CVE-2017-18311 [Bulletin-CVE-2017-18311]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. [NIST-CVE-2017-18311]
Discovered by: on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2017-18311]
Fixed on: Unknown
Fix released on: 2018-09-05 [Bulletin-CVE-2017-18311]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18311]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18314

(json)

CVE numbers: CVE-2017-18314 [Bulletin-CVE-2017-18314]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ. [NIST-CVE-2017-18314]
Discovered by: on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2017-18314]
Fixed on: Unknown
Fix released on: 2018-09-05 [Bulletin-CVE-2017-18314]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18314]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-18317

(json)

CVE numbers: CVE-2017-18317 [Bulletin-CVE-2017-18317]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A. [NIST-CVE-2017-18317]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2017-18317]
Fixed on: Unknown
Fix released on: 2018-11-05 [Bulletin-CVE-2017-18317]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-18317]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-6211

(json)

CVE numbers: CVE-2017-6211 [Bulletin-CVE-2017-6211]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur. [NIST-CVE-2017-6211]
Discovered by: on: Unknown
Reported on: 2017-12-01 [Bulletin-CVE-2017-6211]
Fixed on: Unknown
Fix released on: 2017-12-05 [Bulletin-CVE-2017-6211]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-6211]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-6289

(json)

CVE numbers: CVE-2017-6289 [Bulletin-CVE-2017-6289]
Coordinated disclosure?: unknown
Categories: NVIDIA components
Details: In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289. [NIST-CVE-2017-6289]
Discovered by: on: Unknown
Reported on: 2018-05-01 [Bulletin-CVE-2017-6289]
Fixed on: Unknown
Fix released on: 2018-05-05 [Bulletin-CVE-2017-6289]
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2017-6289]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-7065

(json)

CVE numbers: CVE-2017-7065 [Bulletin-CVE-2017-7065]
Coordinated disclosure?: unknown
Categories: Broadcom components
Details: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11. [NIST-CVE-2017-7065]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-7065]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-7065]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-7371

(json)

CVE numbers: CVE-2017-7371 [Bulletin-CVE-2017-7371]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. [NIST-CVE-2017-7371]
Discovered by: on: Unknown
Reported on: 2017-06-01 [Bulletin-CVE-2017-7371]
Fixed on: 2017-01-23 [QC-CR#1101054]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-7371]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-8248

(json)

CVE numbers: CVE-2017-8248 [Bulletin-CVE-2017-8248]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. [NIST-CVE-2017-8248]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2017-8248]
Fixed on: Unknown
Fix released on: 2018-12-05 [Bulletin-CVE-2017-8248]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-8248]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-8252

(json)

CVE numbers: CVE-2017-8252 [Bulletin-CVE-2017-8252]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2017-8252]
Discovered by: Adrian Tang of Columbia University (CLKSCREW paper) [Discovery-CVE-2017-8252] on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2017-8252]
Fixed on: Unknown
Fix released on: 2019-03-05 [Bulletin-CVE-2017-8252]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-8252]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2017-8274

(json)

CVE numbers: CVE-2017-8274 [Bulletin-CVE-2017-8274]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core. [NIST-CVE-2017-8274]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2017-8274]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2017-8274]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-8274]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2017-8890

(json)

CVE numbers: CVE-2017-8890 [Bulletin-CVE-2017-8890]
Coordinated disclosure?: unknown
Categories: Kernel components
Details: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. [NIST-CVE-2017-8890]
Discovered by: on: Unknown
Reported on: 2017-09-01 [Bulletin-CVE-2017-8890]
Fixed on: 2017-05-09 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2017-8890]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-9417

(json)

CVE numbers: CVE-2017-9417 [Bulletin-CVE-2017-9417]
Coordinated disclosure?: unknown
Categories: Broadcom components
Details: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. [NIST-CVE-2017-9417]
Discovered by: Nitay Artenstein of Exodus Intelligence [Discovery-CVE-2017-9417] on: Unknown
Reported on: 2017-07-01 [Bulletin-CVE-2017-9417]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2017-9417]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-9714

(json)

CVE numbers: CVE-2017-9714 [Bulletin-CVE-2017-9714]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request. [NIST-CVE-2017-9714]
Discovered by: on: Unknown
Reported on: 2017-10-01 [Bulletin-CVE-2017-9714]
Fixed on: 2017-05-16 [QC-CR#2046578]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2017-9714]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE-2018-11257

(json)

CVE numbers: CVE-2018-11257 [Bulletin-CVE-2018-11257]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. [NIST-CVE-2018-11257]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-11257]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2018-11257]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11257]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-11259

(json)

CVE numbers: CVE-2018-11259 [Bulletin-CVE-2018-11259]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. [NIST-CVE-2018-11259]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-11259]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2018-11259]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11259]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-11262

(json)

CVE numbers: CVE-2018-11262 [Bulletin-CVE-2018-11262]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT. [NIST-CVE-2018-11262]
Discovered by: Xuan Xing of Google [Discovery-CVE-2018-11262] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2018-11262]
Fixed on: 2018-04-10 [QC-CR#2221192]
Fix released on: 2019-02-05 [Bulletin-CVE-2018-11262]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11262]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11264

(json)

CVE numbers: CVE-2018-11264 [Bulletin-CVE-2018-11264]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660. [NIST-CVE-2018-11264]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-11264]
Fixed on: Unknown
Fix released on: 2018-11-05 [Bulletin-CVE-2018-11264]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11264]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-11271

(json)

CVE numbers: CVE-2018-11271 [Bulletin-CVE-2018-11271]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SM7150, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2018-11271]
Discovered by: on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2018-11271]
Fixed on: Unknown
Fix released on: 2019-04-05 [Bulletin-CVE-2018-11271]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11271]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11279

(json)

CVE numbers: CVE-2018-11279 [Bulletin-CVE-2018-11279]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2018-11279]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-11279]
Fixed on: Unknown
Fix released on: 2018-12-05 [Bulletin-CVE-2018-11279]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11279]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-11289

(json)

CVE numbers: CVE-2018-11289 [Bulletin-CVE-2018-11289]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. [NIST-CVE-2018-11289]
Discovered by: derrek (@derrekr6) [Discovery-CVE-2018-11289] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2018-11289]
Fixed on: Unknown
Fix released on: 2019-02-05 [Bulletin-CVE-2018-11289]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11289]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11817

(json)

CVE numbers: CVE-2018-11817 [Bulletin-CVE-2018-11817]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2018-11817]
Fixed on: 2018-07-18 [QC-CR#2241830]
Fix released on: 2019-03-05 [Bulletin-CVE-2018-11817]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11817]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11820

(json)

CVE numbers: CVE-2018-11820 [Bulletin-CVE-2018-11820]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. [NIST-CVE-2018-11820]
Discovered by: derrek (@derrekr6) [Discovery-CVE-2018-11820] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2018-11820]
Fixed on: Unknown
Fix released on: 2019-02-05 [Bulletin-CVE-2018-11820]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11820]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11824

(json)

CVE numbers: CVE-2018-11824 [Bulletin-CVE-2018-11824]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 [NIST-CVE-2018-11824]
Discovered by: on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-11824]
Fixed on: Unknown
Fix released on: 2018-09-05 [Bulletin-CVE-2018-11824]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11824]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-11847

(json)

CVE numbers: CVE-2018-11847 [Bulletin-CVE-2018-11847]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016 [NIST-CVE-2018-11847]
Discovered by: on: Unknown
Reported on: 2019-01-01 [Bulletin-CVE-2018-11847]
Fixed on: Unknown
Fix released on: 2019-01-05 [Bulletin-CVE-2018-11847]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11847]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11938

(json)

CVE numbers: CVE-2018-11938 [Bulletin-CVE-2018-11938]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. [NIST-CVE-2018-11938]
Discovered by: derrek (@derrekr6) [Discovery-CVE-2018-11938] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2018-11938]
Fixed on: Unknown
Fix released on: 2019-02-05 [Bulletin-CVE-2018-11938]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11938]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11940

(json)

CVE numbers: CVE-2018-11940 [Bulletin-CVE-2018-11940]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130 [NIST-CVE-2018-11940]
Discovered by: Pengfei Ding (丁鹏飞) of Huawei [Discovery-CVE-2018-11940] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2018-11940]
Fixed on: 2018-06-08 [QC-CR#2254946]
Fix released on: 2019-04-05 [Bulletin-CVE-2018-11940]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11940]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11945

(json)

CVE numbers: CVE-2018-11945 [Bulletin-CVE-2018-11945]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. [NIST-CVE-2018-11945]
Discovered by: on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2018-11945]
Fixed on: Unknown
Fix released on: 2019-02-05 [Bulletin-CVE-2018-11945]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11945]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11950

(json)

CVE numbers: CVE-2018-11950 [Bulletin-CVE-2018-11950]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 [NIST-CVE-2018-11950]
Discovered by: on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-11950]
Fixed on: Unknown
Fix released on: 2018-09-05 [Bulletin-CVE-2018-11950]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11950]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-11958

(json)

CVE numbers: CVE-2018-11958 [Bulletin-CVE-2018-11958]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Insufficient protection of keys in keypad can lead HLOS to gain access to confidential keypad input data in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 [NIST-CVE-2018-11958]
Discovered by: on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2018-11958]
Fixed on: Unknown
Fix released on: 2019-03-05 [Bulletin-CVE-2018-11958]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11958]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-11976

(json)

CVE numbers: CVE-2018-11976 [Bulletin-CVE-2018-11976]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2018-11976]
Discovered by: NCC Group [Discovery-CVE-2018-11976] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2018-11976]
Fixed on: Unknown
Fix released on: 2019-04-05 [Bulletin-CVE-2018-11976]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11976]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-12004

(json)

CVE numbers: CVE-2018-12004 [Bulletin-CVE-2018-12004]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 [NIST-CVE-2018-12004]
Discovered by: on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2018-12004]
Fixed on: Unknown
Fix released on: 2019-04-05 [Bulletin-CVE-2018-12004]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-12004]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-13886

(json)

CVE numbers: CVE-2018-13886 [Bulletin-CVE-2018-13886]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2018-13886]
Discovered by: on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2018-13886]
Fixed on: Unknown
Fix released on: 2019-04-05 [Bulletin-CVE-2018-13886]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-13886]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-13887

(json)

CVE numbers: CVE-2018-13887 [Bulletin-CVE-2018-13887]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130 [NIST-CVE-2018-13887]
Discovered by: on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2018-13887]
Fixed on: Unknown
Fix released on: 2019-04-05 [Bulletin-CVE-2018-13887]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-13887]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-13898

(json)

CVE numbers: CVE-2018-13898 [Bulletin-CVE-2018-13898]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2018-13898]
Discovered by: derrek (@derrekr6) [Discovery-CVE-2018-13898] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2018-13898]
Fixed on: Unknown
Fix released on: 2019-05-05 [Bulletin-CVE-2018-13898]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-13898]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-13924

(json)

CVE numbers: CVE-2018-13924 [Bulletin-CVE-2018-13924]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2018-13924]
Fixed on: Unknown
Fix released on: 2019-06-05 [Bulletin-CVE-2018-13924]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-13924]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-13927

(json)

CVE numbers: CVE-2018-13927 [Bulletin-CVE-2018-13927]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2018-13927]
Fixed on: Unknown
Fix released on: 2019-06-05 [Bulletin-CVE-2018-13927]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-13927]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-3565

(json)

CVE numbers: CVE-2018-3565 [Bulletin-CVE-2018-3565]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur. [NIST-CVE-2018-3565]
Discovered by: on: Unknown
Reported on: 2018-05-01 [Bulletin-CVE-2018-3565]
Fixed on: 2017-11-07 [QC-CR#2138555]
Fix released on: 2018-05-05 [Bulletin-CVE-2018-3565]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-3565]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-3569

(json)

CVE numbers: CVE-2018-3569 [Bulletin-CVE-2018-3569]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. [NIST-CVE-2018-3569]
Discovered by: on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-3569]
Fixed on: 2017-12-20 [QC-CR#2161920]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-3569]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-3569]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-3580

(json)

CVE numbers: CVE-2018-3580 [Bulletin-CVE-2018-3580]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. [NIST-CVE-2018-3580]
Discovered by: on: Unknown
Reported on: 2018-05-01 [Bulletin-CVE-2018-3580]
Fixed on: 2017-11-29 [QC-CR#2149187]
Fix released on: 2018-05-05 [Bulletin-CVE-2018-3580]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-3580]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-3591

(json)

CVE numbers: CVE-2018-3591 [Bulletin-CVE-2018-3591]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target. [NIST-CVE-2018-3591]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2018-3591]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2018-3591]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-3591]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-3592

(json)

CVE numbers: CVE-2018-3592 [Bulletin-CVE-2018-3592]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, added a change to check if the pointer has been reset to NULL or not, before writing to the memory pointed by the pointer. [NIST-CVE-2018-3592]
Discovered by: on: Unknown
Reported on: 2018-04-01 [Bulletin-CVE-2018-3592]
Fixed on: Unknown
Fix released on: 2018-04-05 [Bulletin-CVE-2018-3592]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-3592]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5146

(json)

CVE numbers: CVE-2018-5146 [Bulletin-CVE-2018-5146]
Coordinated disclosure?: unknown
Categories: Media framework
Details: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. [NIST-CVE-2018-5146]
Discovered by: Jose Martinez [Discovery-CVE-2018-5146] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-5146]
Fixed on: Unknown
Fix released on: 2018-06-05 [Bulletin-CVE-2018-5146]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-5146] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-5146]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-5146]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5854

(json)

CVE numbers: CVE-2018-5854 [Bulletin-CVE-2018-5854]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. [NIST-CVE-2018-5854]
Discovered by: on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-5854]
Fixed on: 2018-02-02 [QC-CR#2183877]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-5854]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5854]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5866

(json)

CVE numbers: CVE-2018-5866 [Bulletin-CVE-2018-5866]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660. [NIST-CVE-2018-5866]
Discovered by: on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-5866]
Fixed on: Unknown
Fix released on: 2018-09-05 [Bulletin-CVE-2018-5866]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5866]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5872

(json)

CVE numbers: CVE-2018-5872 [Bulletin-CVE-2018-5872]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details: While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. [NIST-CVE-2018-5872]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-5872]
Fixed on: 2018-02-07 [QC-CR#2183014]
Fix released on: 2018-07-05 [Bulletin-CVE-2018-5872]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5872]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5874

(json)

CVE numbers: CVE-2018-5874 [Bulletin-CVE-2018-5874]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. [NIST-CVE-2018-5874]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-5874]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2018-5874]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5874]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5875

(json)

CVE numbers: CVE-2018-5875 [Bulletin-CVE-2018-5875]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. [NIST-CVE-2018-5875]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-5875]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2018-5875]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5875]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5876

(json)

CVE numbers: CVE-2018-5876 [Bulletin-CVE-2018-5876]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. [NIST-CVE-2018-5876]
Discovered by: on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-5876]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2018-5876]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5876]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-5912

(json)

CVE numbers: CVE-2018-5912 [Bulletin-CVE-2018-5912]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 [NIST-CVE-2018-5912]
Discovered by: Xiling Gong of Tencent Blade Team [Discovery-CVE-2018-5912] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2018-5912]
Fixed on: Unknown
Fix released on: 2019-05-05 [Bulletin-CVE-2018-5912]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5912]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-5913

(json)

CVE numbers: CVE-2018-5913 [Bulletin-CVE-2018-5913]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2018-5913]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-5913]
Fixed on: Unknown
Fix released on: 2018-12-05 [Bulletin-CVE-2018-5913]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2018-5913]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-08-01

CVE-2018-6271

(json)

CVE numbers: CVE-2018-6271 [Bulletin-CVE-2018-6271]
Coordinated disclosure?: unknown
Categories: NVIDIA components
Details: NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474. [NIST-CVE-2018-6271]
Discovered by: Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2018-6271] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2018-6271]
Fixed on: Unknown
Fix released on: 2019-02-05 [Bulletin-CVE-2018-6271]
Affected versions: regex:
Affected devices:
Affected manufacturers: NVIDIA [Bulletin-CVE-2018-6271]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2018-9341

(json)

CVE numbers: CVE-2018-9341 [Bulletin-CVE-2018-9341]
Coordinated disclosure?: unknown
Categories: Media framework
Details:
Discovered by: Stephan Zeisberg of Security Research Labs [Discovery-CVE-2018-9341] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9341]
Fixed on: 2018-03-15 [A-74016277]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9341]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9341] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9341]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9341]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9355

(json)

CVE numbers: CVE-2018-9355 [Bulletin-CVE-2018-9355]
Coordinated disclosure?: unknown
Categories: System
Details: In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921. [NIST-CVE-2018-9355]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2018-9355] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9355]
Fixed on: 2018-04-02 [A-74016921]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9355]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9355] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9355]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9355]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9356

(json)

CVE numbers: CVE-2018-9356 [Bulletin-CVE-2018-9356]
Coordinated disclosure?: unknown
Categories: System
Details: In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. [NIST-CVE-2018-9356]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2018-9356] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9356]
Fixed on: 2018-03-21 [A-74950468]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9356]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9356] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9356]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9356]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9357

(json)

CVE numbers: CVE-2018-9357 [Bulletin-CVE-2018-9357]
Coordinated disclosure?: unknown
Categories: System
Details: In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. [NIST-CVE-2018-9357]
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd [Discovery-CVE-2018-9357] on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9357]
Fixed on: 2018-04-11 [A-74947856]
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9357]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9357] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9357]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9357]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9364

(json)

CVE numbers: CVE-2018-9364 [Bulletin-CVE-2018-9364]
Coordinated disclosure?: unknown
Categories: LG components
Details:
Discovered by: on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9364]
Fixed on: Unknown
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9364]
Affected versions: regex:
Affected devices:
Affected manufacturers: LG [Bulletin-CVE-2018-9364]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9365

(json)

CVE numbers: CVE-2018-9365 [Bulletin-CVE-2018-9365]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9365] on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-9365]
Fixed on: 2018-03-30 [A-74121126]
Fix released on: 2018-07-05 [Bulletin-CVE-2018-9365]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9365] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9365]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9365]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9373

(json)

CVE numbers: CVE-2018-9373 [Bulletin-CVE-2018-9373]
Coordinated disclosure?: unknown
Categories: MediaTek components
Details:
Discovered by: on: Unknown
Reported on: 2018-06-01 [Bulletin-CVE-2018-9373]
Fixed on: Unknown
Fix released on: 2018-06-05 [Bulletin-CVE-2018-9373]
Affected versions: regex:
Affected devices:
Affected manufacturers: MediaTek [Bulletin-CVE-2018-9373]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9411

(json)

CVE numbers: CVE-2018-9411 [Bulletin-CVE-2018-9411]
Coordinated disclosure?: unknown
Categories: Media framework
Details:
Discovered by: Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team [Discovery-CVE-2018-9411] on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-9411]
Fixed on: 2018-05-11 [A-79376389]
Fix released on: 2018-07-05 [Bulletin-CVE-2018-9411]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2018-9411] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9411]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2018-9411]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9427

(json)

CVE numbers: CVE-2018-9427 [Bulletin-CVE-2018-9427]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542. [NIST-CVE-2018-9427]
Discovered by: on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2018-9427]
Fixed on: 2018-05-23 [2]
Fix released on: 2018-08-05 [Bulletin-CVE-2018-9427]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2018-9427] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9427]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2018-9427]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9433

(json)

CVE numbers: CVE-2018-9433 [Bulletin-CVE-2018-9433]
Coordinated disclosure?: unknown
Categories: Framework
Details:
Discovered by: Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9433] on: Unknown
Reported on: 2018-07-01 [Bulletin-CVE-2018-9433]
Fixed on: Unknown
Fix released on: 2018-07-05 [Bulletin-CVE-2018-9433]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2018-9433] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9433]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2018-9433]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9446

(json)

CVE numbers: CVE-2018-9446 [Bulletin-CVE-2018-9446]
Coordinated disclosure?: unknown
Categories: System
Details: In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. [NIST-CVE-2018-9446]
Discovered by: Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9446] on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2018-9446]
Fixed on: 2018-05-29 [A-80145946]
Fix released on: 2018-08-05 [Bulletin-CVE-2018-9446]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9446] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9446]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9446]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9450

(json)

CVE numbers: CVE-2018-9450 [Bulletin-CVE-2018-9450]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. [NIST-CVE-2018-9450]
Discovered by: Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9450] on: Unknown
Reported on: 2018-08-01 [Bulletin-CVE-2018-9450]
Fixed on: 2018-06-05 [A-79541338]
Fix released on: 2018-08-05 [Bulletin-CVE-2018-9450]
Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9450] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9450]
Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9450]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9473

(json)

CVE numbers: CVE-2018-9473 [Bulletin-CVE-2018-9473]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460 [NIST-CVE-2018-9473]
Discovered by: Niky1235 (@jiych_guru) [Discovery-CVE-2018-9473] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9473]
Fixed on: 2017-08-29 [A-65484460]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9473]
Affected versions: 8.0 [Bulletin-CVE-2018-9473] regex: (8.0.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9473]
Fixed versions: 8.0 [Bulletin-CVE-2018-9473]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9475

(json)

CVE numbers: CVE-2018-9475 [Bulletin-CVE-2018-9475]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: En He (@heeeeen4x) and Bo Liu of MS509Team (ms509.com) [Discovery-CVE-2018-9475] on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-9475]
Fixed on: 2018-06-27 [A-79266386]
Fix released on: 2018-09-05 [Bulletin-CVE-2018-9475]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9475] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9475]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9475]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9476

(json)

CVE numbers: CVE-2018-9476 [Bulletin-CVE-2018-9476]
Coordinated disclosure?: unknown
Categories: System
Details: In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112 [NIST-CVE-2018-9476]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9476] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9476]
Fixed on: 2018-06-13 [A-109699112]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9476]
Affected versions: 8.0, 8.1 [Bulletin-CVE-2018-9476] regex: (8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9476]
Fixed versions: 8.0, 8.1 [Bulletin-CVE-2018-9476]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9478

(json)

CVE numbers: CVE-2018-9478 [Bulletin-CVE-2018-9478]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9478] on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-9478]
Fixed on: 2018-06-22 [A-79217522]
Fix released on: 2018-09-05 [Bulletin-CVE-2018-9478]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9478] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9478]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9478]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9479

(json)

CVE numbers: CVE-2018-9479 [Bulletin-CVE-2018-9479]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9479] on: Unknown
Reported on: 2018-09-01 [Bulletin-CVE-2018-9479]
Fixed on: 2018-06-22 [A-79217770]
Fix released on: 2018-09-05 [Bulletin-CVE-2018-9479]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9479] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9479]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9479]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9490

(json)

CVE numbers: CVE-2018-9490 [Bulletin-CVE-2018-9490]
Coordinated disclosure?: unknown
Categories: Framework
Details: In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046 [NIST-CVE-2018-9490]
Discovered by: Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9490] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9490]
Fixed on: 2018-08-02 [A-111274046]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9490]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9490]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9496

(json)

CVE numbers: CVE-2018-9496 [Bulletin-CVE-2018-9496]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924 [NIST-CVE-2018-9496]
Discovered by: on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9496]
Fixed on: 2018-06-25 [A-110769924]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9496]
Affected versions: 9 [Bulletin-CVE-2018-9496] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9496]
Fixed versions: 9 [Bulletin-CVE-2018-9496]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9497

(json)

CVE numbers: CVE-2018-9497 [Bulletin-CVE-2018-9497]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669 [NIST-CVE-2018-9497]
Discovered by: Stephan Zeisberg of Security Research Labs [Discovery-CVE-2018-9497] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9497]
Fixed on: 2018-06-25 [A-74078669]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9497]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9497] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9497]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9497]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9498

(json)

CVE numbers: CVE-2018-9498 [Bulletin-CVE-2018-9498]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 [NIST-CVE-2018-9498]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9498] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9498]
Fixed on: 2018-01-05 [A-78354855]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9498]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9498] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9498]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2018-9498]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9504

(json)

CVE numbers: CVE-2018-9504 [Bulletin-CVE-2018-9504]
Coordinated disclosure?: unknown
Categories: System
Details: In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176 [NIST-CVE-2018-9504]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9504] on: Unknown
Reported on: 2018-10-01 [Bulletin-CVE-2018-9504]
Fixed on: 2018-07-16 [A-110216176]
Fix released on: 2018-10-05 [Bulletin-CVE-2018-9504]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9504] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9504]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9504]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9527

(json)

CVE numbers: CVE-2018-9527 [Bulletin-CVE-2018-9527]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112159345 [NIST-CVE-2018-9527]
Discovered by: Zinuo Han(weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9527] on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9527]
Fixed on: 2018-08-16 [A-112159345]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9527]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9527] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9527]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9527]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9531

(json)

CVE numbers: CVE-2018-9531 [Bulletin-CVE-2018-9531]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641 [NIST-CVE-2018-9531]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9531]
Fixed on: 2018-06-29 [A-112661641]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9531]
Affected versions: 9 [Bulletin-CVE-2018-9531] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9531]
Fixed versions: 9 [Bulletin-CVE-2018-9531]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9536

(json)

CVE numbers: CVE-2018-9536 [Bulletin-CVE-2018-9536]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 [NIST-CVE-2018-9536]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9536]
Fixed on: 2018-06-08 [A-112662184]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9536]
Affected versions: 9 [Bulletin-CVE-2018-9536] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9536]
Fixed versions: 9 [Bulletin-CVE-2018-9536]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9537

(json)

CVE numbers: CVE-2018-9537 [Bulletin-CVE-2018-9537]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564 [NIST-CVE-2018-9537]
Discovered by: on: Unknown
Reported on: 2018-11-01 [Bulletin-CVE-2018-9537]
Fixed on: 2018-08-15 [A-112891564]
Fix released on: 2018-11-05 [Bulletin-CVE-2018-9537]
Affected versions: 9 [Bulletin-CVE-2018-9537] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9537]
Fixed versions: 9 [Bulletin-CVE-2018-9537]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9549

(json)

CVE numbers: CVE-2018-9549 [Bulletin-CVE-2018-9549]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868. [NIST-CVE-2018-9549]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9549] on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9549]
Fixed on: 2018-09-10 [A-112160868]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9549]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9549] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9549]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9549]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9550

(json)

CVE numbers: CVE-2018-9550 [Bulletin-CVE-2018-9550]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981. [NIST-CVE-2018-9550]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9550]
Fixed on: 2018-06-08 [A-112660981]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9550]
Affected versions: 9 [Bulletin-CVE-2018-9550] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9550]
Fixed versions: 9 [Bulletin-CVE-2018-9550]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9551

(json)

CVE numbers: CVE-2018-9551 [Bulletin-CVE-2018-9551]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548. [NIST-CVE-2018-9551]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9551]
Fixed on: 2018-08-15 [A-112891548]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9551]
Affected versions: 9 [Bulletin-CVE-2018-9551] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9551]
Fixed versions: 9 [Bulletin-CVE-2018-9551]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9552

(json)

CVE numbers: CVE-2018-9552 [Bulletin-CVE-2018-9552]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-113260892. [NIST-CVE-2018-9552]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9552] on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9552]
Fixed on: 2018-09-11 [A-113260892]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9552]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9552] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9552]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9552]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9555

(json)

CVE numbers: CVE-2018-9555 [Bulletin-CVE-2018-9555]
Coordinated disclosure?: unknown
Categories: System
Details: In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180. [NIST-CVE-2018-9555]
Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2018-9555] on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9555]
Fixed on: 2018-09-17 [A-112321180]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9555]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9555] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9555]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9555]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9556

(json)

CVE numbers: CVE-2018-9556 [Bulletin-CVE-2018-9556]
Coordinated disclosure?: unknown
Categories: System
Details: In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113118184. [NIST-CVE-2018-9556]
Discovered by: on: Unknown
Reported on: 2018-12-01 [Bulletin-CVE-2018-9556]
Fixed on: 2018-09-19 [A-113118184]
Fix released on: 2018-12-05 [Bulletin-CVE-2018-9556]
Affected versions: 9 [Bulletin-CVE-2018-9556] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9556]
Fixed versions: 9 [Bulletin-CVE-2018-9556]
Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9583

(json)

CVE numbers: CVE-2018-9583 [Bulletin-CVE-2018-9583]
Coordinated disclosure?: unknown
Categories: System
Details: In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. [NIST-CVE-2018-9583]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9583] on: Unknown
Reported on: 2019-01-01 [Bulletin-CVE-2018-9583]
Fixed on: 2018-09-18 [A-112860487]
Fix released on: 2019-01-05 [Bulletin-CVE-2018-9583]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9583] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2018-9583]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9583]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-10492

(json)

CVE numbers: CVE-2019-10492 [Bulletin-CVE-2019-10492]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2019-08-01 [Bulletin-CVE-2019-10492]
Fixed on: 2019-03-14 [QC-CR#2389432]
Fix released on: 2019-08-05 [Bulletin-CVE-2019-10492]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-10492]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-08-12

CVE-2019-10539

(json)

CVE numbers: CVE-2019-10539 [Bulletin-CVE-2019-10539]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: Xiling Gong of Tencent Blade Team [Discovery-CVE-2019-10539] on: Unknown
Reported on: 2019-08-01 [Bulletin-CVE-2019-10539]
Fixed on: Unknown
Fix released on: 2019-08-05 [Bulletin-CVE-2019-10539]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-10539]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-08-12

CVE-2019-10540

(json)

CVE numbers: CVE-2019-10540 [Bulletin-CVE-2019-10540]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: Xiling Gong of Tencent Blade Team [Discovery-CVE-2019-10540] on: Unknown
Reported on: 2019-08-01 [Bulletin-CVE-2019-10540]
Fixed on: Unknown
Fix released on: 2019-08-05 [Bulletin-CVE-2019-10540]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-10540]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-08-12

CVE-2019-11516

(json)

CVE numbers: CVE-2019-11516 [Bulletin-CVE-2019-11516]
Coordinated disclosure?: unknown
Categories: Broadcom components
Details:
Discovered by: on: Unknown
Reported on: 2019-08-01 [Bulletin-CVE-2019-11516]
Fixed on: Unknown
Fix released on: 2019-08-05 [Bulletin-CVE-2019-11516]
Affected versions: regex:
Affected devices:
Affected manufacturers: Broadcom [Bulletin-CVE-2019-11516]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-08-12

CVE-2019-1986

(json)

CVE numbers: CVE-2019-1986 [Bulletin-CVE-2019-1986]
Coordinated disclosure?: unknown
Categories: Framework
Details: In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472. [NIST-CVE-2019-1986]
Discovered by: Leon Scroggins of Google [Discovery-CVE-2019-1986] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1986]
Fixed on: 2018-11-08 [A-117838472]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1986]
Affected versions: 9 [Bulletin-CVE-2019-1986] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1986]
Fixed versions: 9 [Bulletin-CVE-2019-1986]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1987

(json)

CVE numbers: CVE-2019-1987 [Bulletin-CVE-2019-1987]
Coordinated disclosure?: unknown
Categories: Framework
Details: In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775. [NIST-CVE-2019-1987]
Discovered by: on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1987]
Fixed on: 2018-11-08 [A-118143775]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1987]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1987] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1987]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1987]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1988

(json)

CVE numbers: CVE-2019-1988 [Bulletin-CVE-2019-1988]
Coordinated disclosure?: unknown
Categories: Framework
Details: In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692. [NIST-CVE-2019-1988]
Discovered by: on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1988]
Fixed on: 2018-10-24 [A-118372692]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1988]
Affected versions: 8.0, 8.1, 9 [Bulletin-CVE-2019-1988] regex: (8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1988]
Fixed versions: 8.0, 8.1, 9 [Bulletin-CVE-2019-1988]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1989

(json)

CVE numbers: CVE-2019-1989 [Bulletin-CVE-2019-1989]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118399205 [NIST-CVE-2019-1989]
Discovered by: on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2019-1989]
Fixed on: 2018-10-24 [A-118399205]
Fix released on: 2019-03-05 [Bulletin-CVE-2019-1989]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1989] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1989]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1989]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1990

(json)

CVE numbers: CVE-2019-1990 [Bulletin-CVE-2019-1990]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118453553 [NIST-CVE-2019-1990]
Discovered by: on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2019-1990]
Fixed on: 2018-11-12 [A-118453553]
Fix released on: 2019-03-05 [Bulletin-CVE-2019-1990]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1990] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1990]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1990]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1991

(json)

CVE numbers: CVE-2019-1991 [Bulletin-CVE-2019-1991]
Coordinated disclosure?: unknown
Categories: System
Details: In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-110166268. [NIST-CVE-2019-1991]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2019-1991] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1991]
Fixed on: 2018-11-27 [A-110166268]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1991]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1991] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1991]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1991]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1992

(json)

CVE numbers: CVE-2019-1992 [Bulletin-CVE-2019-1992]
Coordinated disclosure?: unknown
Categories: System
Details: In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116222069. [NIST-CVE-2019-1992]
Discovered by: Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2019-1992] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1992]
Fixed on: 2018-11-20 [A-116222069]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1992]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1992] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1992]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1992]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2009

(json)

CVE numbers: CVE-2019-2009 [Bulletin-CVE-2019-2009]
Coordinated disclosure?: unknown
Categories: System
Details: In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120665616 [NIST-CVE-2019-2009]
Discovered by: Jianjun Dai ( @jioun_dai) and Guang Gong ( @oldfresher) of 360 Alpha Team [Discovery-CVE-2019-2009] on: Unknown
Reported on: 2019-03-01 [Bulletin-CVE-2019-2009]
Fixed on: 2018-12-11 [A-120665616]
Fix released on: 2019-03-05 [Bulletin-CVE-2019-2009]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2009] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2009]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2009]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2027

(json)

CVE numbers: CVE-2019-2027 [Bulletin-CVE-2019-2027]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119120561. [NIST-CVE-2019-2027]
Discovered by: Qi Zhao ( @JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2019-2027] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2019-2027]
Fixed on: 2019-01-23 [A-119120561]
Fix released on: 2019-04-05 [Bulletin-CVE-2019-2027]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2027] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2027]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2027]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2028

(json)

CVE numbers: CVE-2019-2028 [Bulletin-CVE-2019-2028]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120644655. [NIST-CVE-2019-2028]
Discovered by: Suresh Sivaraman of Ittiam [Discovery-CVE-2019-2028] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2019-2028]
Fixed on: 2018-11-07 [A-120644655]
Fix released on: 2019-04-05 [Bulletin-CVE-2019-2028]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2028] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2028]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2028]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2029

(json)

CVE numbers: CVE-2019-2029 [Bulletin-CVE-2019-2029]
Coordinated disclosure?: unknown
Categories: System
Details: In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120612744. [NIST-CVE-2019-2029]
Discovered by: Wenke Dou (email), Chi Zhang (email), and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2019-2029] on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2019-2029]
Fixed on: 2019-01-09 [A-120612744]
Fix released on: 2019-04-05 [Bulletin-CVE-2019-2029]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2029] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2029]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2029]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2044

(json)

CVE numbers: CVE-2019-2044 [Bulletin-CVE-2019-2044]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862 [NIST-CVE-2019-2044]
Discovered by: Cusas of L.O. Team [Discovery-CVE-2019-2044] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2044]
Fixed on: 2019-02-26 [A-123701862]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2044]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2044] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2044]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2044]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2045

(json)

CVE numbers: CVE-2019-2045 [Bulletin-CVE-2019-2045]
Coordinated disclosure?: unknown
Categories: System
Details: In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758 [NIST-CVE-2019-2045]
Discovered by: Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2045] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2045]
Fixed on: 2019-03-05 [A-117554758]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2045]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.1, 9 [Bulletin-CVE-2019-2045] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2045]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.1, 9 [Bulletin-CVE-2019-2045]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2046

(json)

CVE numbers: CVE-2019-2046 [Bulletin-CVE-2019-2046]
Coordinated disclosure?: unknown
Categories: System
Details: In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220 [NIST-CVE-2019-2046]
Discovered by: Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2046] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2046]
Fixed on: 2019-03-05 [A-117556220]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2046]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2046] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2046]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2046]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2047

(json)

CVE numbers: CVE-2019-2047 [Bulletin-CVE-2019-2047]
Coordinated disclosure?: unknown
Categories: System
Details: In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414 [NIST-CVE-2019-2047]
Discovered by: Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2047] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2047]
Fixed on: 2019-03-05 [A-117607414]
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2047]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2047] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2047]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2047]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2093

(json)

CVE numbers: CVE-2019-2093 [Bulletin-CVE-2019-2093]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119292397. [NIST-CVE-2019-2093]
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2093]
Fixed on: 2018-12-20 [A-119292397]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2093]
Affected versions: 9 [Bulletin-CVE-2019-2093] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2093]
Fixed versions: 9 [Bulletin-CVE-2019-2093]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2094

(json)

CVE numbers: CVE-2019-2094 [Bulletin-CVE-2019-2094]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-129068792. [NIST-CVE-2019-2094]
Discovered by: Cusas of L.O. Team [Discovery-CVE-2019-2094] on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2094]
Fixed on: 2019-04-01 [A-129068792]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2094]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2094] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2094]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2094]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2095

(json)

CVE numbers: CVE-2019-2095 [Bulletin-CVE-2019-2095]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-124232283. [NIST-CVE-2019-2095]
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2095]
Fixed on: 2018-09-17 [A-124232283]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2095]
Affected versions: 9 [Bulletin-CVE-2019-2095] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2095]
Fixed versions: 9 [Bulletin-CVE-2019-2095]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2097

(json)

CVE numbers: CVE-2019-2097 [Bulletin-CVE-2019-2097]
Coordinated disclosure?: unknown
Categories: System
Details: In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285. [NIST-CVE-2019-2097]
Discovered by: Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2097] on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2097]
Fixed on: 2019-03-08 [A-117606285]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2097]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2097] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2097]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2097]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2106

(json)

CVE numbers: CVE-2019-2106 [Bulletin-CVE-2019-2106]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130023983. [NIST-CVE-2019-2106]
Discovered by: Kostya Serebryany of Google, using libFuzzer and AddressSanitizer [Discovery-CVE-2019-2106] on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2106]
Fixed on: 2019-03-29 [A-130023983]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2106]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2106] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2106]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2106]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2107

(json)

CVE numbers: CVE-2019-2107 [Bulletin-CVE-2019-2107]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844. [NIST-CVE-2019-2107]
Discovered by: Kostya Serebryany of Google, using libFuzzer and AddressSanitizer [Discovery-CVE-2019-2107] on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2107]
Fixed on: 2019-04-05 [A-130024844]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2107]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2107] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2107]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2107]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2109

(json)

CVE numbers: CVE-2019-2109 [Bulletin-CVE-2019-2109]
Coordinated disclosure?: unknown
Categories: Media framework
Details: In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570. [NIST-CVE-2019-2109]
Discovered by: on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2109]
Fixed on: Unknown
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2109]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2019-2109] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2109]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2019-2109]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2111

(json)

CVE numbers: CVE-2019-2111 [Bulletin-CVE-2019-2111]
Coordinated disclosure?: unknown
Categories: System
Details: In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122856181. [NIST-CVE-2019-2111]
Discovered by: Alex Abfalter of Google [Discovery-CVE-2019-2111] on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2111]
Fixed on: 2019-01-22 [2]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2111]
Affected versions: 9 [Bulletin-CVE-2019-2111] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2111]
Fixed versions: 9 [Bulletin-CVE-2019-2111]
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2130

(json)

CVE numbers: CVE-2019-2130 [Bulletin-CVE-2019-2130]
Coordinated disclosure?: unknown
Categories: System
Details:
Discovered by: Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) [Discovery-CVE-2019-2130] on: Unknown
Reported on: 2019-08-01 [Bulletin-CVE-2019-2130]
Fixed on: 2019-06-03 [A-132073833]
Fix released on: 2019-08-05 [Bulletin-CVE-2019-2130]
Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2130] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-2130]
Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-2130]
Submission: by: Daniel Carter, on: 2019-08-12

CVE-2019-2250

(json)

CVE numbers: CVE-2019-2250 [Bulletin-CVE-2019-2250]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130 [NIST-CVE-2019-2250]
Discovered by: on: Unknown
Reported on: 2019-04-01 [Bulletin-CVE-2019-2250]
Fixed on: Unknown
Fix released on: 2019-04-05 [Bulletin-CVE-2019-2250]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2250]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2254

(json)

CVE numbers: CVE-2019-2254 [Bulletin-CVE-2019-2254]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2254]
Fixed on: Unknown
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2254]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2254]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2255

(json)

CVE numbers: CVE-2019-2255 [Bulletin-CVE-2019-2255]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2019-2255]
Discovered by: on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2255]
Fixed on: Unknown
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2255]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2255]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2256

(json)

CVE numbers: CVE-2019-2256 [Bulletin-CVE-2019-2256]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details: An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 [NIST-CVE-2019-2256]
Discovered by: Xiling Gong of Tencent Blade Team [Discovery-CVE-2019-2256] on: Unknown
Reported on: 2019-05-01 [Bulletin-CVE-2019-2256]
Fixed on: Unknown
Fix released on: 2019-05-05 [Bulletin-CVE-2019-2256]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2256]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2269

(json)

CVE numbers: CVE-2019-2269 [Bulletin-CVE-2019-2269]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2269]
Fixed on: 2018-07-11 [QC-CR#2264429]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2269]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2269]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2287

(json)

CVE numbers: CVE-2019-2287 [Bulletin-CVE-2019-2287]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2019-06-01 [Bulletin-CVE-2019-2287]
Fixed on: 2019-01-18 [2]
Fix released on: 2019-06-05 [Bulletin-CVE-2019-2287]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2287]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2308

(json)

CVE numbers: CVE-2019-2308 [Bulletin-CVE-2019-2308]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2308]
Fixed on: 2019-02-02 [QC-CR#2338800]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2308]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2308]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2322

(json)

CVE numbers: CVE-2019-2322 [Bulletin-CVE-2019-2322]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2322]
Fixed on: Unknown
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2322]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2322]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2327

(json)

CVE numbers: CVE-2019-2327 [Bulletin-CVE-2019-2327]
Coordinated disclosure?: unknown
Categories: Qualcomm closed-source components
Details:
Discovered by: on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2327]
Fixed on: Unknown
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2327]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2327]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-2330

(json)

CVE numbers: CVE-2019-2330 [Bulletin-CVE-2019-2330]
Coordinated disclosure?: unknown
Categories: Qualcomm components
Details:
Discovered by: on: Unknown
Reported on: 2019-07-01 [Bulletin-CVE-2019-2330]
Fixed on: 2019-01-31 [QC-CR#2379952]
Fix released on: 2019-07-05 [Bulletin-CVE-2019-2330]
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [Bulletin-CVE-2019-2330]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-24

Defy republic init_runit

(json)

CVE numbers: CVE-2013-4777 [CVE-2013-4777], CVE-2013-5933 [CVE-2013-5933]
Coordinated disclosure?: true
Categories: permissions
Details: A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. [CVE-2013-4777] Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. [CVE-2013-5933]
Discovered by: Justin Case [plus-jcase-defy-republic] on: 2013-07-09 [plus-jcase-defy-republic]
Reported on: 2013-09-24 [plus-jcase-defy-republic]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 2.3.7 [citation-needed] regex:
Affected devices: Defy Xt on Republic Wireless [CVE-2013-4777]
Affected manufacturers: Motorola [citation-needed]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-06; by: Laurent Simon, on: 2013-10-07

Diaggetroot

(json)

CVE numbers: CVE-2012-4220 [kc-blog-diaggetroot][archived]
Coordinated disclosure?: false
Categories: system
Details: A vulnerability in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver allows arbitrary code execution or denial of service via a call to diagchar_ioctl [kc-blog-diaggetroot][archived]
Discovered by: goroh kun [android-paper], giantprune [kc-blog-diaggetroot][archived] on: Unknown
Reported on: 2012-12-28 [xda-developers-diaggetroot]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 2.3 to 4.2 [kc-blog-diaggetroot][archived] regex: (2.[3-9].[0-9])|(3.[0-9].[0-9])|(4.[0-2].[0-9])
Affected devices: HTC J Butterfly [android-paper]
Affected manufacturers: HTC [android-paper]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

Fake ID

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: signature
Details: The software does not properly validate an application's certificate chain. An application can supply a specially crafted application identity certificate to impersonate a privileged application and gain access to vendor-specific device administration extensions. The vulnerability resides in the createChain() and findCert() functions of the Android JarUtils class. [securitytracker-1030654] Google bug 13678484 [blackhat-briefing-fakeid]
Discovered by: Jeff Forristal of Bluebox [bluebox-fakeid] on: Unknown
Reported on: 2014-07-29 [ars-fake-id]
Fixed on: 2014-04-17 [fakeid-patch]
Fix released on: Unknown
Affected versions: 2.1 -- 4.4 [ars-fake-id] regex: (2.[1-9].[0-9])|(3.[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices:
Affected manufacturers: all [bluebox-fakeid]
Fixed versions: there is no single, specific “fixed” version of Android. In fact, multiple vendors are maintaining the same prior version number, and only patching the functionality. We have confirmed “fixed” versions existing within the ranges of 4.1, 4.2, 4.3, and 4.4 [bluebox-fakeid]
Submission: by: Khilan Gudka, on: 2014-07-29; by: Daniel R. Thomas, on: 2014-09-09; by: Jeff Forristal, on: 2014-09-11

Full TrustZone

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: kernel, system
Details: A vulnerability in a modified kernel means that a series of exploits can be used to obtain access to the Trusted Execution Environment [msm8974-pt1][archived]
Discovered by: Gal Beniamini (laginimaineb) [msm8974-pt3][archived] on: Unknown
Reported on: 2014-09-19 [msm8974-pt3][archived]
Fixed on: 2014-10-01 [msm8974-pt3][archived]
Fix released on: Unknown
Affected versions: Crafted ROM based on 4.4.4 [msm8974-pt3][archived] regex: 4.4.4
Affected devices: All devices using the MSM8974 SoCMSM8974 SoC [msm8974-pt3][archived]
Affected manufacturers: Samsung [msm8974-pt3][archived], HTC [msm8974-pt3][archived], LG [msm8974-pt3][archived], Sony [msm8974-pt3][archived], OnePlus [msm8974-pt3][archived], Acer [msm8974-pt3][archived], Asus [msm8974-pt3][archived], Gionee [msm8974-pt3][archived], ZTE [msm8974-pt3][archived], Sharp [msm8974-pt3][archived], Pantech [msm8974-pt3][archived], Lenovo [msm8974-pt3][archived], Oppo [msm8974-pt3][archived], Vivo [msm8974-pt3][archived], IUNI [msm8974-pt3][archived], Hisense [msm8974-pt3][archived], Coolpad [msm8974-pt3][archived], Xiaomi [msm8974-pt3][archived], InFocus [msm8974-pt3][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

Gingerbreak

(json)

CVE numbers: CVE-2011-1823 [CVE-2011-1823]
Coordinated disclosure?: false
Categories: system
Details: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges [citation-needed]
Discovered by: The Android Exploid Crew [citation-needed] on: Unknown
Reported on: 2011-04-21 [c-skills-gingerbreak][archived], 2011-04-21 [xda-forum-gingerbreak]
Fixed on: 2011-04-18 [patch-vold-gingerbreak], 2011-04-18 [patch-netd-gingerbreak], 2011-04-18 [patch-core-gingerbreak]
Fix released on: 2011-04-29 [productforums-ard-2.3.4]
Affected versions: 2.2, 2.3, 2.3.1, 3.0 [citation-needed] regex: (2.(([0-2].[0-9])|(3.[0-3])))|(3.0.[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.4 [tag-android-2.3.4_r1], 3.1 [ard-dev-3.1-release][archived]
Submission: by: Daniel R. Thomas, on: 2013-09-02

JavaScript to Java

(json)

CVE numbers: CVE-2012-6636 [js-to-java-cve]
Coordinated disclosure?: unknown
Categories: system
Details: The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710. [js-to-java-cve]
Discovered by: on: Unknown
Reported on: 2012-12-21 [d3adend-js-to-java][archived]
Fixed on: Unknown
Fix released on: 2012-10-29 [js-to-java-paper]
Affected versions: 4.1 and below [d3adend-js-to-java][archived] regex: ([1-3].[0-9].[0-9])|(4.[0-1].[0-9])
Affected devices: all [js-to-java-paper]
Affected manufacturers: all [js-to-java-paper]
Fixed versions: 4.2 and above (additional fix in 4.4.3 [js-to-java-paper]
Submission: by: Daniel Carter, on: 2019-07-30

KillingInTheNameOf psneuter ashmem

(json)

CVE numbers: CVE-2011-1149 [citation-needed]
Coordinated disclosure?: false
Categories: system, kernel
Details: Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges [citation-needed]
Discovered by: on: Unknown
Reported on: 2011-01-06 [c-skills-adb-trickery][archived]
Fixed on: 2010-07-13 [ashmem-fix-core], 2010-07-15 [ashmem-fix-kernel]
Fix released on: 2010-12-06 [citation-needed]
Affected versions: 1.5 -- 2.2.2 [citation-needed] regex: (1.[5-9].[0-9])|(2.(([0-1].[0-9])|(2.[0-9])))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3 [citation-needed]
Submission: by: Daniel R. Thomas, on: 2013-09-04

LG Lit

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: kernel
Details: Bug in LG backlight driver allows gaining root from local user [androidforums-lit][archived]
Discovered by: giantpune [giantpune-email0] on: 2012-10-31 [giantpune-email0]
Reported on: 2012-10-25 [androidforums-lit][archived]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: LG LM3530 backlight driver devices [androidforums-lit][archived], L38C [androidforums-lit-package][archived]
Affected manufacturers: LG [androidforums-lit][archived]
Fixed versions:
Submission: by: giantpune, on: 2014-10-17

LG Sprite backup

(json)

CVE numbers: CVE-2013-3685 [citation-needed]
Coordinated disclosure?: true
Categories: system
Details: Race condition in Sprite Software's backup software, installed by OEM on LG Android devices. [fulldisclosure-2013-06-196]
Discovered by: Justin Case jcase@cunninglogic.com [fulldisclosure-2013-06-196] on: 2013-06-24 [fulldisclosure-2013-06-196]
Reported on: 2013-06-24 [fulldisclosure-2013-06-196]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: spritebud 1.3.24, 1.3.28 backup 2.5.4105, 2.5.4108 [citation-needed] regex:
Affected devices: (LG-E971:LG Optimus G, LG-E973:LG Optimus G, LG-E975:LG Optimus G, LG-E975K:LG Optimus G, LG-E975T:LG Optimus G, LG-E976:LG Optimus G, LG-E977:LG Optimus G, LG-F100K:LG Optimus Vu, LG-F100L:LG Optimus Vu, LG-F100S:LG Optimus Vu, LG-F120K:LG Optimus Vu, LG-F120L:LG Optimus LTE Tag, LG-F120S:LG Optimus LTE Tag, LG-F160K:LG Optimus LTE 2, LG-F160L:LG Optimus LTE 2, LG-F160LV:LG Optimus LTE 2, LG-F160S:LG Optimus LTE 2, LG-F180K:LG Optimus G, LG-F180L:LG Optimus G, LG-F180S:LG Optimus G, LG-F200K:LG Optimus Vu 2, LG-F200L:LG Optimus Vu 2, LG-F200S:LG Optimus Vu 2, LG-F240K:LG Optimus G Pro, LG-F240L:LG Optimus G Pro, LG-F240S:LG Optimus G Pro, LG-F260K:LG Optimus LTE 3, LG-F260L:LG Optimus LTE 3, LG-F260S:LG Optimus LTE 3, LG-L21:LG Optimus G, LG-LG870:LG (Unknown), LG-LS860:LG Mach, LG-LS970:LG Optimus G, LG-P760:LG Optimus L9, LG-P769:LG Optimus L9, LG-P780:LG Optimus L7, LG-P875:LG Optimus F5, LG-P875h:LG Optimus F5, LG-P880:LG Optimus 4X HD, LG-P940:LG Prada, LG-SU540:LG Prada 3.0, LG-SU870:LG Optimus 3D Cube, LG-US780:LG Lollipop) [fulldisclosure-2013-06-196]
Affected manufacturers: LG [citation-needed]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-08-28; by: Justin Case, on: 2014-02-08

Mate7 TrustZone Exploit

(json)

CVE numbers: CVE-2015-4421 [mate7-advisory][archived], CVE-2015-4422 [mate7-advisory][archived]
Coordinated disclosure?: unknown
Categories: system
Details: The tzdriver and TEEOS modules of the Huawei Mate 7 have vulnerabilities which may allow malicious apps to perform denial of service attacks, or gain privileges, by gaining access to the TEE [mate7-advisory][archived]
Discovered by: Di Shen (returnsme) [mate7-advisory][archived] on: Unknown
Reported on: 2015-05-20 [mate7-advisory][archived]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: Huawei Mate 7 [mate7-advisory][archived]
Affected manufacturers: Huawei [mate7-advisory][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

Mediaserver code execution

(json)

CVE numbers: CVE-2014-7920 [mediaserver-blog][archived], CVE-2014-7921 [mediaserver-blog][archived]
Coordinated disclosure?: true
Categories: kernel, system
Details: Two vulnerabilities which allow arbitrary code execution in the mediaserver process [mediaserver-blog][archived]
Discovered by: Gal Beniamini (laginimaineb) [mediaserver-blog][archived] on: Unknown
Reported on: 2014-10-14 [mediaserver-blog][archived]
Fixed on: 2014-10-28 [mediaserver-commit]
Fix released on: 2014-12-04 [mediaserver-commit]
Affected versions: 2.2 to 5.0 [mediaserver-blog][archived] regex: (2.[2-9].[0-9])|([3-4].[0-9].[0-9])|(5.0.[0-9])
Affected devices: all [mediaserver-blog][archived]
Affected manufacturers: all [mediaserver-blog][archived]
Fixed versions: 5.1 [mediaserver-blog][archived]
Submission: by: Daniel Carter, on: 2019-07-09

Metaphor

(json)

CVE numbers: CVE-2015-3864 [metaphor-avast]
Coordinated disclosure?: true
Categories: system
Details: A remote-access exploit that uses a vulnerability in libstagefright [metaphor-report][archived]
Discovered by: Hanan Be’er [metaphor-report][archived] on: Unknown
Reported on: Unknown
Fixed on: Unknown
Fix released on: 2015-09-09 [metaphor-bulletin][archived]
Affected versions: 2.2 to 4.0 and 5.0 to 5.1 [metaphor-report][archived] regex: (2.[2-9].[0-9])|(3.[0-9].[0-9])|(4.0.[0-9])|(5.[0-1].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

Motochopper

(json)

CVE numbers: CVE-2013-2596 [citation-needed]
Coordinated disclosure?: false
Categories: kernel
Details: Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9 QCIR-2013-00004-1 [QCIR-2013-00004-1]
Discovered by: Dan Rosenberg [citation-needed] on: 2013-04-08 [citation-needed]
Reported on: 2013-04-08 [azimuth-unlock-moto-bootloader#0][azimuth-unlock-moto-bootloader#1]
Fixed on: 2013-04-19 [fb_mmap-patch]
Fix released on: 2013-07-17 [xda-developers-motochopper]
Affected versions: 4.1.2 [citation-needed] regex:
Affected devices: (Atrix Hd, Razr hd, Razr M, Qualcomm Msm8960) [citation-needed]
Affected manufacturers: Motorola [citation-needed], Qualcomm [QCIR-2013-00004-1]
Fixed versions: 4.1.2 build 9.8.1Q-79 [citation-needed]
Submission: by: Daniel R. Thomas, on: 2013-09-04

Mtkfb

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: system
Details: Memory write vulnerabilities allow a local user to gain privileges [mtkfb-ele7enxxh-blog]
Discovered by: KeenTeam [mtkfb-ele7enxxh-blog] on: 2015-04-30 [citation-needed]
Reported on: 2015-04-30 [citation-needed]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers:
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

NachoRoot

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: permissions
Details: On ASUS Transformer Pime /data/sensors/AMI304_Config.ini is set world writable on boot and so a /data/local.prop symlink attack can be mounted [gh-cunninglogic-nachoroot-sh][archived]
Discovered by: Justin Case (jcase) [gh-cunninglogic-nachoroot-sh][archived] on: 2012-01-03 [gh-cunninglogic-nachoroot]
Reported on: 2012-01-03 [xda-nachoroot]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: ASUS Transformer Prime [gh-cunninglogic-nachoroot]
Affected manufacturers: Asus [gh-cunninglogic-nachoroot]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2014-07-21; by: Thomas Coudray, on: 2014-03-07

Qualcomm Integer oveflow diagnostics

(json)

CVE numbers: CVE-2012-4220 [CVE-2012-4220], CVE-2012-4221 [CVE-2012-4221], CVE-2012-4222 [CVE-2012-4222]
Coordinated disclosure?: true
Categories: kernel
Details: QCIR-2012-00001-1: Multiple security vulnerabilities have been discovered in the handling of the diagchar_ioctl() and kgsl_ioctl() system call parameters for the diagnostics (DIAG) and KGSL graphics kernel drivers for Android. [QCIR-2012-00001-1][archived]
Discovered by: giantpune@gmail.com [QCIR-2012-00001-1][archived] on: 2012-04-30 [giantpune-email0]
Reported on: 2012-11-15 [QCIR-2012-00001-1][archived]
Fixed on: 2012-11-16 [QCIR-2012-00001-1][archived]
Fix released on: Unknown
Affected versions: 2.3 -- 4.2 released from CAF [QCIR-2012-00001-1][archived] regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2012-00001-1][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-09-02; by: giantpune, on: 2014-10-17

ObjectInputStream deserializable

(json)

CVE numbers: CVE-2014-7911 [fulldisclosure-ois]
Coordinated disclosure?: true
Categories: system
Details: In Android <5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. That issue was fixed in Android 5.0. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be ignored or cast to a type to which it doesn't fit, implying that no methods will be called on it and no data from it will be used. However, when it is collected by the GC, the GC will call the object's finalize method. [fulldisclosure-ois] luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. [CVE-2014-7911] A POC local root exploit is available [CVE-2014-7911_poc]
Discovered by: Jann Horn [fulldisclosure-ois] on: 2014-06-22 [fulldisclosure-ois]
Reported on: 2014-11-14 [fulldisclosure-ois]
Fixed on: 2014-06-25 [ois-fix]
Fix released on: 2014-11-03 [citation-needed]
Affected versions: 1.0-4.4.4 [CVE-2014-7911] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices: all [fulldisclosure-ois]
Affected manufacturers: all [fulldisclosure-ois]
Fixed versions: 5.0.0 [CVE-2014-7911]
Submission: by: Jann Horn, on: 2014-12-14; by: Laurent Simon, on: 2015-03-12

One class to rule them all

(json)

CVE numbers: CVE-2015-3837 [CVE-2015-3837], CVE-2015-3825 [woot15-paper-peles], ANDROID-21437603 [woot15-paper-peles], ANDROID-21583849 [woot15-paper-peles]
Coordinated disclosure?: true
Categories: system
Details: This vulnerability allows for arbitrary code execution in the context of many apps and services and results in elevation of privileges. There is a Proof-of-Concept exploit against the Google Nexus 5 device, that achieves code execution inside the highly privileged system_server process, and then either replaces an existing arbitrary application on the device with our own malware app or changes the device’s SELinux policy. For some other devices, it is also possible to gain kernel code execution by loading an arbitrary kernel modules. This vulnerability was responsibly disclosed to the Android Security Team which tagged it as CVE-2015-3825 internally as ANDROID-21437603/ANDROID-21583849 and patched Android 4.4 / 5.x / M and Google Play Services. [woot15-paper-peles] CVE-2015-3825 is the wrong CVE number (duplicate), CVE-2015-3837 should be used instead [CVE-2015-3825] The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. [CVE-2015-3837]
Discovered by: Or Peles and Roee Hay {orpeles,roeeh}@il.ibm.com [woot15-paper-peles] on: 2015-05-22 [woot15-paper-peles]
Reported on: 2015-06-01 [NexusSecurityBulletinAugust2015][archived]
Fixed on: 2015-05-28 [OneClassPatch]
Fix released on: 2015-08-05 [droid-life-5-1-1-lmy48i][archived]
Affected versions: 4.3-5.1, M (Preview 1) [woot15-paper-peles] regex: (4.[0-3].[0-9])|(4.4.[0-4])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 4.4, 5.x, M [woot15-paper-peles]
Submission: by: Laurent Simon, on: 2015-08-10; by: Roee Hay, on: 2015-10-14

PingPongRoot

(json)

CVE numbers: CVE-2015-3636 [avs-test-pingpong][archived]
Coordinated disclosure?: false
Categories:
Details: Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets. [dsa-3290]
Discovered by: Wen Xu and wushi of KeenTeam [dsa-3290] on: Unknown
Reported on: 2015-05-08 [xda-developers-pingpongroot]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: Samsung Galaxy S6 Edge [xda-developers-pingpongroot], HTC One (M9) [xda-developers-pingpongroot], Samsung Galaxy S6 [xda-developers-pingpongroot]
Affected manufacturers: Samsung [xda-developers-pingpongroot], HTC [xda-developers-pingpongroot]
Fixed versions: 5.0.2,5.1.1 [xda-developers-pingpongroot]
Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

QSEECOM driver

(json)

CVE numbers: CVE-2014-4322 [qseecom-codeaurora][archived]
Coordinated disclosure?: true
Categories: kernel
Details: A Linux kernel privilege escalation vulnerability allows arbitrary code to be executed within the kernel [qseecom-blog][archived]
Discovered by: Gal Beniamini (laginimaineb) [qseecom-blog][archived] on: Unknown
Reported on: 2014-09-24 [qseecom-blog][archived]
Fixed on: 2014-12-22 [qseecom-codeaurora][archived]
Fix released on: 2014-12-27 [qseecom-blog][archived]
Affected versions: All versions using an unpatched kernel [qseecom-codeaurora][archived] regex:
Affected devices: All devices using Qualcomm chipsets [qseecom-blog][archived]
Affected manufacturers: Qualcomm [qseecom-blog][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

QSEE privilege escalation

(json)

CVE numbers: CVE-2015-6639 [qsee-blog][archived]
Coordinated disclosure?: true
Categories: system
Details: A vulnerability in the driver for Qualcomm's Trusted Excecution Environment allows code execution in this environment [qsee-blog][archived]
Discovered by: Gal Beniamini (laginimaineb) [qsee-blog][archived] on: Unknown
Reported on: 2015-09-27 [qsee-blog][archived]
Fixed on: 2015-12-14 [qsee-blog][archived]
Fix released on: 2015-12-14 [qsee-blog][archived]
Affected versions: 5.0-5.1.1 and 6.0 [cvedetails-qsee] regex: (5.0.[0-9])|(5.1.[0-1])|(6.0.[0-9])
Affected devices: Several, including Droid Turbo, Nexus 6 and Moto X 2nd Gen [qsee-blog][archived]
Affected manufacturers: Qualcomm [qsee-blog][archived]
Fixed versions: 5.1.1 LMY94F, 6.0 [cvedetails-qsee]
Submission: by: Daniel Carter, on: 2019-07-09

Qualcomm Gandalf camera driver

(json)

CVE numbers: CVE-2013-2595 [QCIR-2013-00001-1][archived]
Coordinated disclosure?: true
Categories: kernel
Details: The camera driver provides several interfaces to user space clients. The user space clients communicate to the kernel via syscalls such as ioctl or mmap. The camera driver provides an uncontrolled mmap interface that allows an application with access to the device file to map physical memory exceeding the camera driver's memory into user space. A locally installed, unprivileged application can use this flaw to escalate privileges. [QCIR-2013-00001-1][archived]
Discovered by: alephzain alephzain1@gmail.com [QCIR-2013-00001-1][archived] on: 2013-03-15 [CVE-2013-2595]
Reported on: 2013-05-01 [xda-developers-gandalf]
Fixed on: 2013-05-01 [QCIR-2013-00001-1][archived]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [citation-needed]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-06

Qualcomm Goodix driver procfs

(json)

CVE numbers: CVE-2013-4740 [QCIR-2013-00009-1][archived], CVE-2013-6122 [QCIR-2013-00009-1][archived]
Coordinated disclosure?: true
Categories: kernel
Details: Multiple memory corruption issues and race condition in Goodix gt915 touchscreen driver procfs handler (CVE-2013-4740 CVE-2013-6122) QCIR-2013-00009-1: Multiple issues have been identified in the Goodix gt915 touchscreen driver for Android. The issues were found in the write handler of the procfs entry created by the driver, which by default is readable and writeable to users without any specific privileges. [QCIR-2013-00009-1][archived]
Discovered by: Jonathan Salwan of the Sysdream Security Lab [QCIR-2013-00009-1][archived] on: Unknown
Reported on: 2013-11-07 [QCIR-2013-00009-1][archived]
Fixed on: 2013-09-23 [msm-goodix-patch][archived]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2013-00009-1][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-20

Qualcomm Integer overflow camera

(json)

CVE numbers: CVE-2013-4736 [QCIR-2013-00005-1]
Coordinated disclosure?: false
Categories: kernel
Details: Integer overflow and signedness issue in camera JPEG engines (CVE-2013-4736) QCIR-2013-00005-1: The JPEG engines that are part of the camera driver provide an ioctl system call interface to user space clients for communication. When processing hardware commands ioctl calls, the drivers are incorrectly handling the number of commands included in the user space payload. This can lead to an integer overflow which subsequently results in the driver attempting to process hardware commands from out-of-bounds memory which can cause the kernel to crash. The same code also suffered from incorrectly treating the number of hardware commands as signed. [QCIR-2013-00005-1] Gemini JPEG encoder, Mercury JPEG decoder, and Jpeg1.0 common encoder/decoder contain an unspecified integer overflow condition during the handling of hardware command IOCTL calls that may allow a local attacker to cause a denial of service or potentially execute of arbitrary code. [osvdb-96924]
Discovered by: alephzain alephzain1@gmail.com [QCIR-2013-00005-1] on: Unknown
Reported on: 2013-08-29 [QCIR-2013-00005-1]
Fixed on: 2013-07-31 [jpeg-integer-overflow-patch], 2013-06-28 [overflow-ioctl_hw_cmds-patch], 2013-06-11 [signedness-hw_exec_cmds-patch]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2013-00005-1]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-14

Qualcomm chown init scripts

(json)

CVE numbers: CVE-2013-6124 [QCIR-2014-00002-1][archived]
Coordinated disclosure?: true
Categories: permissions
Details: Insecure owner/permission changes in init shell scripts (CVE-2013-6124): During the device start-up phase, several init shell scripts are executed with root privileges to configure various aspects of the system. During this process, standard toolchain commands such as chown or chmod are used to, e.g., change the owner of the sensor settings file to the system user. As these commands follow symbolic links (symlinks), an attacker with write access to these resources is able to conduct symlink attacks and thus change for example the owner of an arbitrary file to system. This flaw can be used to, e.g., elevate privileges. [QCIR-2014-00002-1][archived]
Discovered by: Jon Sawyer [QCIR-2014-00002-1][archived] on: 2013-10-15 [CVE-2013-6124]
Reported on: 2014-02-19 [QCIR-2014-00002-1][archived]
Fixed on: 2013-11-14 [init-symlink-patch], 2013-10-30 [chown-symlink-patch], 2013-12-14 [chmod-symlink-patch], 2013-12-16 [chmod-args-patch]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2014-00002-1][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2014-04-16

Qualcomm TrustZone

(json)

CVE numbers: CVE-2016-2431 [trustzone-blog][archived]
Coordinated disclosure?: true
Categories: kernel
Details: An exploit which allows code execution within the TrustZone kernel. This may allow capturing of secret keys, disabling of hardware protection and unlocking locked bootloaders [trustzone-blog][archived]
Discovered by: Gal Beniamini (laginimaineb) [trustzone-blog][archived] on: Unknown
Reported on: 2015-10-13 [trustzone-blog][archived]
Fixed on: 2016-05-02 [trustzone-blog][archived]
Fix released on: 2016-05-02 [trustzone-blog][archived]
Affected versions: 6.0.1 [cvedetails-qualcomm-trustzone] regex:
Affected devices: Many devices using Qualcomm SoCs, including Nexus 5, Nexus 6 and Nexus 7 (2013) [trustzone-bulletin]
Affected manufacturers: Qualcomm [trustzone-bulletin]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

Qualcomm missing checks put_user get_user

(json)

CVE numbers: CVE-2013-6282 [QCIR-2013-00010-1][archived]
Coordinated disclosure?: false
Categories: kernel
Details: Missing access checks in put_user/get_user kernel API (CVE-2013-6282 QCIR-2013-00010-1): The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This functionality was originally implemented and controlled by the domain switching feature (CONFIG_CPU_USE_DOMAINS), which has been deprecated due to architectural changes. As a result, any kernel code using these API functions may introduce a security issue where none existed before. This allows an application to read and write kernel memory to, e.g., escalated privileges. [QCIR-2013-00010-1][archived]
Discovered by: Unknown, used in vroot exploit [QCIR-2013-00010-1][archived] on: 2013-09-06 [xda-developers-vroot]
Reported on: 2013-09-06 [xda-developers-vroot]
Fixed on: 2012-09-07 [msm-check_user_pointer-patch], 2013-07-15 [msm-check_user_pointer-patch]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2013-00010-1][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-20

Qualcomm acdb audio buffer overflow

(json)

CVE numbers: CVE-2013-2597 [QCIR-2013-00002-1][archived]
Coordinated disclosure?: false
Categories: kernel
Details: The acdb audio driver provides an ioctl system call interface to user space clients for communication. When processing arguments passed to the ioctl handler, a user space supplied size is used to copy as many bytes from user space to a local stack buffer without proper bounds checking. An application with access to the /dev/msm_acdb device file (audio or system group) can use this flaw to, e.g., elevate privileges. QCIR-2013-00002-1 [QCIR-2013-00002-1][archived]
Discovered by: @fi01_IS01 [QCIR-2013-00002-1][archived], Xuxian Jiang [QCIR-2013-00002-1][archived] on: 2013-05-08 [twitter-fi01_IS01][archived]
Reported on: 2013-05-08 [twitter-fi01_IS01][archived]
Fixed on: 2013-06-21 [QCIR-2013-00002-1][archived]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2013-00002-1][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-08

Qualcomm stack buffer overflow camera

(json)

CVE numbers: CVE-2013-4738 [QCIR-2013-00008-1][archived], CVE-2013-4739 [QCIR-2013-00008-1][archived]
Coordinated disclosure?: true
Categories: kernel
Details: Stack-based buffer overflow and memory disclosure in camera driver QCIR-2013-00008-1: A stack-based buffer overflow and a kernel memory disclosure vulnerability have been discovered in the system call handlers of the camera driver. [QCIR-2013-00008-1][archived]
Discovered by: Jonathan Salwan of the Sysdream Security Lab [QCIR-2013-00008-1][archived] on: Unknown
Reported on: 2013-10-15 [QCIR-2013-00008-1][archived]
Fixed on: 2013-07-31 [msm-camera-dequeue-patch], 2013-08-09 [msm-bound-check-patch]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [citation-needed]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-20

Qualcomm out of bounds camera

(json)

CVE numbers: CVE-2013-6123 [QCIR-2014-00001-1][archived]
Coordinated disclosure?: true
Categories: kernel
Details: Out of bounds array access in camera driver (CVE-2013-6123): The camera driver provides an ioctl system call interface to user space clients for communication. When processing this communication, the msm_ioctl_server, msm_server_send_ctrl, and msm_ctrl_cmd_done functions use a user-supplied value as an index to the server_queue array for read and write operations without any boundary checks. A local application with access to the camera device nodes can use this flaw to, e.g., elevate privileges. [QCIR-2014-00001-1][archived]
Discovered by: alephzain alephzain1@gmail.com [QCIR-2014-00001-1][archived] on: 2013-10-10 [msm-camera-valid-patch]
Reported on: 2014-01-10 [QCIR-2014-00001-1][archived]
Fixed on: 2013-12-09 [msm-camera-bounds-patch], 2013-10-10 [msm-camera-valid-patch]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2014-00001-1][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2014-04-16

Use-After-Free camera driver exploit

(json)

CVE numbers: CVE-2015-0568 [camera-driver-coreteam][archived]
Coordinated disclosure?: true
Categories: system
Details: A use-after-free vulnerability in the camera driver of Qualcomm MSM 7x30 SoCs [camera-driver-coreteam][archived]
Discovered by: Chiachih Wu and Yanfeng Wang [camera-driver-coreteam][archived] on: Unknown
Reported on: 2015-06-05 [camera-driver-coreteam][archived]
Fixed on: 2015-08-13 [camera-driver-coreteam][archived]
Fix released on: 2015-08-21 [camera-driver-coreteam][archived]
Affected versions: Linux kernel 3.x [nvd-camera-driver] regex:
Affected devices: All devices using Qualcomm MSM 7x30 SoCs [camera-driver-coreteam][archived]
Affected manufacturers: Qualcomm [camera-driver-coreteam][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

RageAgainstTheCage adb

(json)

CVE numbers: CVE-2010-EASY [intrepidus-looking-at-c-skills][archived]
Coordinated disclosure?: false
Categories: system
Details: adb fails to check setuid return code and this can be caused to fail by the shell user already having RLIMIT_NPROC processes. [citation-needed]
Discovered by: Sebastian Krahmer [thesnkchrmr-ratc][archived] on: 2010-08-21 [c-skills-droid2][archived]
Reported on: Unknown
Fixed on: 2010-08-27 [rageagainstthecage-adb-patch]
Fix released on: Unknown
Affected versions: 1.6_r1-2.2_r1 [adb-setuid-bug-patch] regex: (1.[6-9].[0-9])|(2.((1.[0-9])|(2.0)))
Affected devices: Droid2, backflip and evo [c-skills-droid2][archived]
Affected manufacturers: all [rageagainstthecage-adb-patch]
Fixed versions: 2.2.2 and greater [android-security-2010-EASY-patches][archived], 2.2_r8, 2.3_r1 [rageagainstthecage-adb-patch]
Submission: by: Daniel R. Thomas, on: 2013-09-05

RageAgainstTheCage zygote

(json)

CVE numbers: ANDROID-3176774 [citation-needed]
Coordinated disclosure?: false
Categories: system
Details: Also known as Zimperlich [c-skills-zimperlich][archived]
Discovered by: on: Unknown
Reported on: Unknown
Fixed on: 2010-08-30 [dalvik-zygote], 2010-11-08 [dalvik-zygote-cherry]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.1_r1 [dalvik-zygote]
Submission: by: Daniel R. Thomas, on: 2013-09-06

Samsung GPU DMA

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: kernel
Details: [talks.cam-46303]
Discovered by: Janis Danisevskis janis@sec.t-labs.tu-berlin.de from Technische Universität Berlin [citation-needed] on: 2012-09-30 [citation-needed]
Reported on: 2013-04-04 [citation-needed]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Samsung [citation-needed]
Fixed versions:
Submission:

Samsung WifiHs20UtilityService

(json)

CVE numbers: CVE-2015-7888 [projectzero-489]
Coordinated disclosure?: true
Categories: system
Details: A path traversal vulnerability was found in the WifiHs20UtilityService. This service is running on a Samsung S6 Edge device, and may be present on other Samsung device models. WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip, and unzips this file into /data/bundle. Directory traversal in the path of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user. [citation-needed]
Discovered by: Mark Brand [projectzeroblog-huntinggalaxy] on: 2015-07-29 [citation-needed]
Reported on: 2015-07-29 [citation-needed]
Fixed on: 2015-10-22 [projectzero-489]
Fix released on: Unknown
Affected versions: regex:
Affected devices: Samsung S6 Edge and may be present in other Samsung device models [projectzero-489]
Affected manufacturers: Samsung [projectzero-489]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

Sensord local root

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: system
Details: A vulnerability exploiting the sensord daemon, which runs as root on some devices [sensord-exploit-db]
Discovered by: s0m3b0dy [sensord-exploit-db] on: Unknown
Reported on: 2016-01-27 [sensord-exploit-db]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: LG L7 and others [sensord-exploit-db]
Affected manufacturers: LG [sensord-exploit-db], Other devices using the sensord daemon [sensord-exploit-db]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

Stagefright

(json)

CVE numbers: CVE-2015-1538 [nakedsecurity-stagefright], CVE-2015-1539 [nakedsecurity-stagefright], CVE-2015-3824 [nakedsecurity-stagefright], CVE-2015-3826 [nakedsecurity-stagefright], CVE-2015-3827 [nakedsecurity-stagefright], CVE-2015-3828 [nakedsecurity-stagefright], CVE-2015-3829 [nakedsecurity-stagefright]
Coordinated disclosure?: true
Categories: system, network
Details: Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data. [techworm-stagefright] Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1_r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device. [cert-kb-stagefright]
Discovered by: Joshua J. Drake [zimperium-stagefright] on: 2015-04-09 [techworm-stagefright]
Reported on: 2015-07-21 [zimperium-stagefright]
Fixed on: 2015-04-08 [stagefright-fix-2]
Fix released on: 2015-08-03 [androidpolice-sprint-update]
Affected versions: 2.2-5.1.0 [cert-kb-stagefright] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [cert-kb-stagefright]
Affected manufacturers: all [cert-kb-stagefright]
Fixed versions: 5.1.1_r9 [cert-kb-stagefright]
Submission: by: Laurent Simon, on: 2015-07-27

Stagefright2

(json)

CVE numbers: CVE-2015-6602 [zimperium-stagefright2], CVE-2015-3876 [android-security-october][archived]
Coordinated disclosure?: true
Categories: system, network
Details: Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 to vulnerability in libutils. [zimperium-stagefright2]
Discovered by: Joshua J. Drake [zimperium-stagefright2] on: 2015-08-15 [zimperium-stagefright2]
Reported on: 2015-10-01 [zimperium-stagefright2]
Fixed on: Unknown
Fix released on: 2015-10-05 [register-stagefright2]
Affected versions: 5.1 and below [android-security-october][archived] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [zimperium-stagefright2]
Affected manufacturers: all [zimperium-stagefright2]
Fixed versions: 5.1.1, LMY48T or later, LMY48W [android-security-october][archived]
Submission: by: Daniel R. Thomas, on: 2015-10-06; by: Laurent Simon, on: 2015-10-02; by: Alastair R. Beresford, on: 2015-10-01

StumpRoot

(json)

CVE numbers:
Coordinated disclosure?: false
Categories:
Details: Vulnerability affecting LG devices released between 2012 and 2014 [xda-developers-stumproot]
Discovered by: thecubed [xda-developers-stumproot] on: Unknown
Reported on: 2014-08-17 [xda-developers-stumproot]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: Verizon LG G3, T-Mobile LG G3, AT&T LG G3, Sprint LG G3, D852G Videotron 10C, D852 Rogers 10B, D852 Bell 10B, Flex D959 TMobile, LG-D855, LG-D858, LG-D855, LG-D851, LG-F400L [xda-developers-stumproot]
Affected manufacturers: LG [xda-developers-stumproot]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

TPSparkyRoot

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: system
Details: A bug in chmod, mkdir and chown mean that they fail when the last element of their target path is a symlink [android-commit-tpsparkyroot]
Discovered by: sparkym3 [xda-forum-tpsparkyroot] on: Unknown
Reported on: 2012-01-11 [xda-forum-tpsparkyroot]
Fixed on: Unknown
Fix released on: 2012-05-02 [android-commit-tpsparkyroot]
Affected versions: 4.0-4.0.4 [citation-needed] regex: 4.0.[0-4]
Affected devices:
Affected manufacturers:
Fixed versions: 4.0.4_r2 [android-commit-tpsparkyroot]
Submission: by: Daniel Carter, on: 2019-07-03

TacoRoot

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: permissions
Details: HTC recovery log on some devices is world writable and so can be deleted and symlinked to /data/local.prop to allow root on reboot, this is a appears to be a unstable exploit and requires the user to reboot into recovery mode [gh-cunninglogic-tacoroot][archived]
Discovered by: Justin Case (jcase) and Dan Rosenberg [gh-cunninglogic-tacoroot-sh][archived] on: 2012-01-01 [gh-cunninglogic-tacoroot-fc]
Reported on: 2011-12-29 [rootzwiki-tacoroot][archived]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: HTC [rootzwiki-tacoroot][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2014-07-21; by: Thomas Coudray, on: 2014-03-07

TowelRoot

(json)

CVE numbers: CVE-2014-3153 [threatpost-towelroot][archived]
Coordinated disclosure?: true
Categories: kernel
Details: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. [CVE-2014-3153]
Discovered by: Pinkie Pie [DSA-2949-1] on: 2014-05-03 [CVE-2014-3153]
Reported on: 2014-06-05 [openwall-CVE-2014-3153]
Fixed on: 2014-06-03 [futex-patch]
Fix released on: Unknown
Affected versions: 4.4 and earlier [threatpost-towelroot][archived] regex: ([1-3].[0-9].[0-9])|(4.[0-3].[0-9])|(4.4.[0-4])
Affected devices:
Affected manufacturers: all [threatpost-towelroot][archived]
Fixed versions:
Submission:

TwerkMyMoto

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: permissions
Details: Motorola Razr I (x86) 4.1.2 root exploit, silly permissions bug. symlink /data/logs/core to uevent_helper [plus-jcase-twerkmymoto]
Discovered by: Justin Case (jcase) [plus-jcase-twerkmymoto] on: 2013-11-24 [twerk-my-moto-commit][archived]
Reported on: 2013-11-24 [plus-jcase-twerkmymoto]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.1.2 [plus-jcase-twerkmymoto] regex: 4.1.2
Affected devices: Motorola Razr I (x86) [plus-jcase-twerkmymoto]
Affected manufacturers: Motorola [plus-jcase-twerkmymoto]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2014-07-17; by: Laurent Simon, on: 2014-06-05

Use-After-Free Remote

(json)

CVE numbers: CVE-2010-1807 [webkit-use-after-free-mitre]
Coordinated disclosure?: false
Categories: system
Details: WebKit does not properly validate floating-point data in Android versions prior to 2.2, which allows a remote arbitrary code execution attack to occur through a crafted HTML page [webkit-use-after-free-mitre]
Discovered by: Itzhak Avraham [exploit-db-webkit-use-after-free] on: Unknown
Reported on: 2010-11-14 [exploit-db-webkit-use-after-free]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: Up to 2.2 [exploit-db-webkit-use-after-free] regex: (1.[0-9].[0-9])|(2.[0-1].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.2 [citation-needed]
Submission: by: Daniel Carter, on: 2019-06-28

WebKit Use-After-Free

(json)

CVE numbers: CVE-2010-1119 [citation-needed]
Coordinated disclosure?: unknown
Categories: system, app
Details: A vulnerability in the WebKit browser engine allows a malicious webpage to perform remote code execution [webkit-use-after-free-exploit-db]
Discovered by: MJ Keith [webkit-use-after-free-exploit-db] on: 2011-03-11 [webkit-use-after-free-exploit-db]
Reported on: Unknown
Fixed on: Unknown
Fix released on: 2010-05-20 [citation-needed]
Affected versions: 2.0-2.1.1 [webkit-use-after-free-exploit-db] regex: (2.0.[0-9])|(2.1.[0-1])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.2 [citation-needed]
Submission: by: Daniel Carter, on: 2019-07-03

Volez

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: signature
Details: Ability to modify a signed OTA recovery package due to an error in the signature verifier [hackers-handbook]
Discovered by: Christopher Lais (Zinx) [hackers-handbook] on: Unknown
Reported on: 2009-12-11 [volez-zen-thought][archived]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 2.0-2.0.1 [android-paper] regex: 2.0.[0-1]
Affected devices: Motorola Droid [android-paper]
Affected manufacturers: Motorola [android-paper]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-06-28

WeakSauce

(json)

CVE numbers: CVE-2014-3847 [twitter-jcase-weaksaucecve]
Coordinated disclosure?: false
Categories:
Details: WeakSauce is an exploit for some HTC devices. It was compatible with the HTC One m7 & m7 on Verizon [xda-developers-weaksauce]
Discovered by: jcase [xda-developers-weaksauce] on: Unknown
Reported on: 2014-03-29 [xda-developers-weaksauce]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: HTC One m7 & m7 on Verizon [xda-developers-weaksauce]
Affected manufacturers: HTC [xda-developers-weaksauce]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

dhcpd buffer overrun

(json)

CVE numbers: CVE-2014-7912 [dhcpd-fix], CVE-2014-7913 [dhcpd-fix]
Coordinated disclosure?: true
Categories: network
Details: The specific flaw exists within the parsing of the DHCP options in a DHCP ACK packet. The vulnerability is triggered when the LENGTH of an option, when added to the current read position, exceeds the actual length of the DHCP options buffer. An attacker can leverage this vulnerability to execute code on the device. [ZDI-15-093] This remote code execution vulnerability executes code as the dhcp user which limit's its severity [citation-needed]
Discovered by: Jüri Aedla [ZDI-15-093] on: 2014-11-13 [ZDI-15-093]
Reported on: 2015-03-12 [ZDI-15-093]
Fixed on: 2014-11-15 [dhcpd-fix]
Fix released on: Unknown
Affected versions: All versions below 5.1 [dhcpd-circl] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])
Affected devices: all [dhcpd-circl]
Affected manufacturers: all [dhcpd-circl]
Fixed versions: 5.1 [dhcpd-circl]
Submission: by: Laurent Simon, on: 2015-03-14; by: Daniel R. Thomas, on: 2015-03-24

Z2 root exploit

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: system
Details: A system vulnerability enables users to obtain root access to some Sony devices via the shell [xda-developers-z2root]
Discovered by: Sacha (xsacha), cubundcube and Andreas Makris (bin4ry) [android-paper] on: Unknown
Reported on: 2014-06-12 [xda-developers-z2root]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices: Z2 phones and tablets [xda-developers-z2root]
Affected manufacturers: Sony [xda-developers-z2root]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

Zysploit

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: system
Details: Takes advantage of a setuid vulnerability (few details available) [citation-needed]
Discovered by: Joshua Wise [zysploit-rootwiki][archived] on: Unknown
Reported on: 2010-09-07 [zysploit-rootwiki][archived]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: Up to 2.2 [zysploit-rootwiki][archived] regex: (1.[0-9].[0-9])|(2.[0-1].[0-9])
Affected devices: Sprint EVO 4G (HTC Supersonic), Droid Incredible (HTC Incredible), HTC Desire GSM, HTC Desire CDMA (HTC BravoC), HTC Aria, Droid Eris (HTC DesireC), HTC Wildfire (HTC Buzz) [zysploit-rootwiki][archived]
Affected manufacturers: HTC [zysploit-rootwiki][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-03

certifi-gate

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: app
Details: Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner. [checkpoint-certifigate-blog][archived]
Discovered by: Check Point Software Technologies Ltd. [checkpoint-certificate-report] on: Unknown
Reported on: 2015-08-06 [checkpoint-certifigate-blog][archived]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers:
Fixed versions:
Submission: by: Laurent Simon, on: 2015-08-07; by: Daniel R. Thomas, on: 2016-06-01

camera-isp - camera-sysr - Vcodec

(json)

CVE numbers:
Coordinated disclosure?: false
Categories: system
Details: An exploit on MTK-based devices using the Framaroot app. Actually consists of three exploits: Boromir (camera-isp), Faramir (camera-sysr) and Barahir (Vcodec). [boromir-techglobule][archived]
Discovered by: alephzain [azimuth-exynos][archived] on: Unknown
Reported on: 2012-12-15 [azimuth-exynos][archived]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.0 (and possibly some later version [azimuth-exynos][archived] regex:
Affected devices: Many MTK-based devices [xda-framaroot-devices][archived]
Affected manufacturers: Samsung [azimuth-exynos][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

libmsm memory corruption

(json)

CVE numbers: CVE-2014-4321 [libmsm-github]
Coordinated disclosure?: false
Categories: system
Details: A memory read exploit that uses a vulnerability in the camera driver [android-paper]
Discovered by: Hiroyuki Ikezoe [android-paper] on: Unknown
Reported on: 2015-03-08 [libmsm-github]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers:
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

dirtyc0w

(json)

CVE numbers: CVE-2016-5195 [dirtyc0w-redhat]
Coordinated disclosure?: false
Categories: kernel
Details: A race condition in the Linux kernel's handling of copy-on-write (COW) operations means that users can gain write access to otherwise read-only areas of memory and gain permissions [dirtyc0w-redhat]
Discovered by: Phil Oester [dirtyc0w-redhat] on: Unknown
Reported on: 2016-10-13 [dirtyc0w-bugzilla]
Fixed on: 2016-10-18 [dirtyc0w-github][archived]
Fix released on: 2016-11-06 [dirtyc0w-bulletin]
Affected versions: 1.0 to 7.0 [dirtyc0w-arstechnica][archived] regex: ([1-6].[0-9].[0-9])|(7.0.[0-9])
Affected devices: all [dirtyc0w-arstechnica][archived]
Affected manufacturers: all [dirtyc0w-arstechnica][archived]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

exploid udev

(json)

CVE numbers: CVE-2009-1185 [citation-needed]
Coordinated disclosure?: false
Categories: kernel
Details: udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. [CVE-2009-1185]
Discovered by: Sebastian ??? [c-skills-android-trickery][archived] on: 2010-07-15 [c-skills-android-trickery][archived]
Reported on: 2010-07-15 [c-skills-android-trickery][archived]
Fixed on: 2011-04-18 [netd-udev-fix]
Fix released on: 2011-07-25 [sprint-2.3.5-release#0][sprint-2.3.5-release#1]
Affected versions: 1.0-2.3.4 [citation-needed] regex: (1.[0-9].[0-9])|(2.(([0-2].[0-9])|(3.[0-4])))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.5_r1 [netd-udev-fix]
Submission: by: Daniel R. Thomas, on: 2013-09-04

exynosroot

(json)

CVE numbers: CVE-2012-6422 [nist-exynosroot]
Coordinated disclosure?: false
Categories: system
Details: A driver/kernel vulnerability allows the device /dev/exynos-mem access to all physical memory, meaning that any library with access to it can obtain root access [xda-developers-exynosroot]
Discovered by: alephzain [xda-developers-exynosroot] on: Unknown
Reported on: 2012-12-15 [xda-developers-exynosroot]
Fixed on: Unknown
Fix released on: Unknown
Affected versions: 4.0 (and possibly some later version [azimuth-exynos][archived] regex:
Affected devices: Samsung Galaxy S2 [xda-developers-exynosroot], Samsung Galaxy Note 2 [xda-developers-exynosroot], MEIZU MX [xda-developers-exynosroot]
Affected manufacturers: Samsung [xda-developers-exynosroot]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

keystore buffer

(json)

CVE numbers: CVE-2014-3100 [securityinteligence-keystore]
Coordinated disclosure?: true
Categories: system
Details: Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. [CVE-2014-3100]
Discovered by: Roee Hay (IBM) [securityinteligence-keystore] on: 2013-09-09 [keystore-patch]
Reported on: 2014-06-23 [securityinteligence-keystore]
Fixed on: 2013-09-09 [keystore-patch]
Fix released on: 2013-10-31 [android-4.4-release]
Affected versions: 4.3 [securityinteligence-keystore] regex: 4.3.[0-9]
Affected devices: all [securityinteligence-keystore]
Affected manufacturers: all [securityinteligence-keystore]
Fixed versions: 4.4 [keystore-patch]
Submission: by: Daniel R. Thomas, on: 2014-07-17; by: Laurent Simon, on: 2014-06-24

levitator

(json)

CVE numbers: CVE-2011-1350 [citation-needed], CVE-2011-1352 [citation-needed]
Coordinated disclosure?: true
Categories: kernel
Details: Improper bounds checking in the PowerVR driver as used in versions of Android prior to 2.3.6 when copying user data to kernel memory allows a malicious local application to write to the same area of memory referenced in CVE-2011-1350, potentially allowing for arbitrary code execution and privilege escalation. [citation-needed]
Discovered by: Geremy Condra [security-focus-57900][archived] on: 2011-03-10 [CVE-2011-1350]
Reported on: Unknown
Fixed on: Unknown
Fix released on: 2011-09-02 [w-ard-ver-hist], 2011-09-29 [tag-android-2.3.6_r1]
Affected versions: 1.0 -- 2.3.5 [citation-needed] regex: (1.[0-9].[0-9])|(2.(([0-2].[0-9])|(3.[0-5])))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.3.6 [citation-needed]
Submission: by: Daniel R. Thomas, on: 2013-09-02

prctl_set_vma_anon_name

(json)

CVE numbers: CVE-2015-6640 [prctl-vma-bulletin]
Coordinated disclosure?: true
Categories: kernel
Details: An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel [prctl-vma-bulletin]
Discovered by: Edward Huang [android-paper] on: Unknown
Reported on: Unknown
Fixed on: 2014-08-05 [prctl-vma-commit]
Fix released on: 2014-08-12 [prctl-vma-commit]
Affected versions: 4.4.4 to 6.0 [prctl-vma-bulletin] regex: (4.[4-9].[4-9])|(5.[0-9].[0-9])|(6.0.[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-09

libperf_event

(json)

CVE numbers: CVE-2013-2094 [cve-mitre-libperf-event]
Coordinated disclosure?: false
Categories: kernel
Details: The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. [cve-mitre-libperf-event]
Discovered by: Hiroyuki Ikezoe [android-paper] on: Unknown
Reported on: Unknown
Fixed on: 2013-04-25 [linux-3-8-9-launchpad]
Fix released on: Unknown
Affected versions: 4.0 to 4.3.1 [android-paper] regex: (4.[0-2].[0-9])|(4.3.[0-1])
Affected devices: Nexus 4, and some Japanese models from HTC, Fujitsu, Sharp, Sony and LG models [android-paper]
Affected manufacturers: HTC [android-paper], Fujitsu [android-paper], Sharp [android-paper], Sony [android-paper], LG [android-paper]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-08

pipe inatomic

(json)

CVE numbers: CVE-2015-1805 [CVE-2015-1805]
Coordinated disclosure?: true
Categories: kernel
Details: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun.' [CVE-2015-1805] This is a known issue in the upstream Linux kernel that was fixed in April 2014 but wasn’t called out as a security fix and assigned CVE-2015-1805 until February 2, 2015. On February 19, 2016, C0RE Team notified Google that the issue could be exploited on Android and a patch was developed to be included in an upcoming regularly scheduled monthly update. On March 15, 2016 Google received a report from Zimperium that this vulnerability had been abused on a Nexus 5 device. Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges. [android-advisory-2016-03-18]
Discovered by: Red Hat [redhatbug-1202855] on: 2015-02-02 [android-advisory-2016-03-18], 2015-03-17 [redhatbug-1202855]
Reported on: 2015-06-06 [openwall-2015-06-06-2]
Fixed on: 2015-06-16 [pipe-inatomic-patch3.4]
Fix released on: Unknown
Affected versions: Kernel versions 3.4, 3.10 and 3.14 [android-advisory-2016-03-18] regex:
Affected devices: all [android-advisory-2016-03-18]
Affected manufacturers: all [citation-needed]
Fixed versions: Kernel versions from 3.18 and patched kernels [android-advisory-2016-03-18]
Submission: by: Daniel R. Thomas, on: 2016-03-21

mempodroid - mempodripper - mem exploit

(json)

CVE numbers: CVE-2012-0056 [mempodroid-cve-mitre]
Coordinated disclosure?: false
Categories: kernel
Details: The mem_write function in the Linux kernel does not properly check permissions, allowing a user to gain privileges [mempodroid-cve-mitre]
Discovered by: Jay Freeman (saurik) [xda-forum-mempodroid] on: 2012-01-24 [xda-forum-mempodroid]
Reported on: 2012-01-24 [xda-forum-mempodroid]
Fixed on: 2012-01-17 [citation-needed]
Fix released on: Unknown
Affected versions: 4.0.1-4.0.3 [citation-needed] regex: 4.0.[1-3]
Affected devices: Acer A200 Tablet, Galaxy Nexus, Motorola RAZR, Nexus S, Asus Transformer Prime [android-paper]
Affected manufacturers: Acer [android-paper], Samsung [android-paper], Motorola [android-paper], Asus [android-paper]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-03

pty race

(json)

CVE numbers: CVE-2014-0196 [includesecurity-pty-race]
Coordinated disclosure?: true
Categories: kernel
Details: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. [nvd-CVE-2014-0196] Taking a look at the git history of the Linux kernel it turns out that all kernels between c56a00a165712fd73081f40044b1e64407bb1875 (march 2012) and 64325a3be08d364a62ee8f84b2cf86934bc2544a (january 2013) are not affected by this vuln as tty_insert_flip_string_fixed_flag() was internally locked there. [includesecurity-pty-race] Fixed from 4291086b1f081b869c6d79e5b7441633dc3ace00 and present from d945cb9cce20ac7143c2de8d88b187f62db99bdc [pty-race-patch]
Discovered by: Jiri Slaby jslaby@suse.cz [pty-race-patch] on: 2014-04-29 [novel-pty-race-bug]
Reported on: 2014-04-30 [novel-pty-race-bug], 2014-05-05 [openwall-pty-race]
Fixed on: 2014-04-29 [openwall-pty-race]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [includesecurity-pty-race]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2014-09-17

sock_sendpage

(json)

CVE numbers: CVE-2009-2692 [vulmon]
Coordinated disclosure?: false
Categories: kernel
Details: A vulnerability in the kernel allows local users to gain privileges due to function pointers not being initialised. [vulmon] According to one source, Android versions up to 3.2.6 are vulnerable [android-paper]
Discovered by: Tavis Ormandy and Julien Tinnes [cr0][archived] on: Unknown
Reported on: 2009-08-13 [cr0][archived]
Fixed on: 2009-08-13 [linux-commit]
Fix released on: Unknown
Affected versions: Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4 [cve-mitre-sock-sendpage], Android up to 2.1 [cve-mitre-sock-sendpage] regex: (1.[0-9].[0-9])|(2.[0-1].[0-9])
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-03

vold asec

(json)

CVE numbers:
Coordinated disclosure?: true
Categories: system
Details: Insufficient paramter checking for asec container creation allows an asec container to be mounted over part of the filesystem using directory traversal if the app has the ASEC_* permissions such as ASEC_CREATE [cassidian-vold-asec] There is an adb tethered root explot for motorola phones [xda-developers-pie-exploit]
Discovered by: Justin Case (jcase) [android-paper] on: Unknown
Reported on: 2014-06-03 [cassidian-vold-asec]
Fixed on: 2014-01-27 [vold-asec-patch]
Fix released on: 2014-06-02 [android-4.4.3_r1]
Affected versions: 2.2.1_r1-4.4.2 [vold-asec-implementation][cassidian-vold-asec] regex: (2.((2.[1-9])|([3-9].[0-9])))|(3.[0-9].[0-9])|(4.(([0-3].[0-9])|(4.[0-2])))
Affected devices: Motorola devices [xda-developers-pie-exploit], Proper SEAndroid policies do block this, Nexus 5, Samsung S4/5/Note3, LG Flex, Sony Z2 devices etc should have this mitigated. Nexus 4 if it hasn't been updated to 4.4.3 nor reset since OTA to 4.4 [plus-jcase-pie]
Affected manufacturers: all [vold-asec-implementation]
Fixed versions: 4.4.3 [cassidian-vold-asec]
Submission: by: Daniel R. Thomas, on: 2014-07-16; by: Laurent Simon, on: 2014-06-04; by: Laurent Simon, on: 2015-10-09; by: Daniel Carter, on: 2019-07-08

zergRush

(json)

CVE numbers: CVE-2011-3874 [citation-needed]
Coordinated disclosure?: false
Categories: system
Details: [android-issue-21681]
Discovered by: The Revolutionary development team [citation-needed] on: 2011-10-06 [github-zergrush]
Reported on: 2011-11-09 [android-issue-21681]
Fixed on: 2011-11-09 [android-issue-21681]
Fix released on: 2011-11-21 [tag-android-2.2.3_r1]
Affected versions: Android 2.2.x up to and including to 2.2.2, Android 2.3.x up to and including to 2.3.6 [citation-needed] regex: 2.(([0-1].[0-9])|(2.[0-2])|(3.[0-6]))
Affected devices: all [citation-needed]
Affected manufacturers: all [citation-needed]
Fixed versions: 2.2.3, 2.3.7, 3.x+ [citation-needed]
Submission: by: Daniel R. Thomas, on: 2013-08-28