AndroidVulnerabilities.org

Back to all vulnerabilities

An integer underflow in ESDS processing

CVE-2015-1539

(json)

• CVE numbers: CVE-2015-1539 [Bulletin-CVE-2015-1539]
• Coordinated disclosure?: unknown
• Categories: An integer underflow in ESDS processing
• Details: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. [NIST-CVE-2015-1539]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-1539]
• Fixed on: 2015-04-08 [ANDROID-20139950]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-1539] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-1539]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Broadcom components

• CVE-2017-9417
• CVE-2017-11120
• CVE-2017-11121
• CVE-2017-7065
• CVE-2017-13292
• CVE-2019-11516

Buffer overflow in Sonivox Parse_wave

CVE-2015-3836

(json)

• CVE numbers: CVE-2015-3836 [Bulletin-CVE-2015-3836]
• Coordinated disclosure?: unknown
• Categories: Buffer overflow in Sonivox Parse_wave
• Details: The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. [NIST-CVE-2015-3836]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-3836]
• Fixed on: 2015-05-14 [ANDROID-21132860]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3836] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3836]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Buffer overflows in libstagefright MPEG4Extractor.cpp

CVE-2015-3832

(json)

• CVE numbers: CVE-2015-3832 [Bulletin-CVE-2015-3832]
• Coordinated disclosure?: unknown
• Categories: Buffer overflows in libstagefright MPEG4Extractor.cpp
• Details: Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. [NIST-CVE-2015-3832]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-3832]
• Fixed on: 2015-04-01 [ANDROID-19641538]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3832] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3832]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation Privilege Vulnerability in Kernel

CVE-2015-3636

(json)

• CVE numbers: CVE-2015-3636 [Bulletin-CVE-2015-3636]
• Coordinated disclosure?: unknown
• Categories: Elevation Privilege Vulnerability in Kernel
• Details: The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. [NIST-CVE-2015-3636]
• Discovered by: on: Unknown
• Reported on: 2015-09-01 [Bulletin-CVE-2015-3636]
• Fixed on: 2015-05-02 [ANDROID-20770158]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3636] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3636]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerabilities in Trustzone

CVE-2015-6639

(json)

• CVE numbers: CVE-2015-6639 [Bulletin-CVE-2015-6639]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerabilities in Trustzone
• Details: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. [NIST-CVE-2015-6639]
• Discovered by: on: Unknown
• Reported on: 2016-01-01 [Bulletin-CVE-2015-6639]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6639] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6639]
• Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6639]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6647

(json)

• CVE numbers: CVE-2015-6647 [Bulletin-CVE-2015-6647]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerabilities in Trustzone
• Details: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. [NIST-CVE-2015-6647]
• Discovered by: on: Unknown
• Reported on: 2016-01-01 [Bulletin-CVE-2015-6647]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6647] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6647]
• Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6647]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Debuggerd

CVE-2016-2430

(json)

• CVE numbers: CVE-2016-2430 [Bulletin-CVE-2016-2430]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Debuggerd
• Details: libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236. [NIST-CVE-2016-2430]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2430]
• Fixed on: 2016-03-23 [27299236]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2430] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2430]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2430]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Kernel

CVE-2015-6640

(json)

• CVE numbers: CVE-2015-6640 [Bulletin-CVE-2015-6640]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Kernel
• Details: The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. [NIST-CVE-2015-6640]
• Discovered by: on: Unknown
• Reported on: 2016-01-01 [Bulletin-CVE-2015-6640]
• Fixed on: 2014-08-05 [ANDROID-20017123]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0, 5.1.1, 6.0 [Bulletin-CVE-2015-6640] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6640]
• Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0 [Bulletin-CVE-2015-6640]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9322

(json)

• CVE numbers: CVE-2014-9322 [Bulletin-CVE-2014-9322]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Kernel
• Details: arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. [NIST-CVE-2014-9322]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2014-9322]
• Fixed on: 2014-12-04 [11]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2014-9322] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2014-9322]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2014-9322]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-1805

(json)

• CVE numbers: CVE-2015-1805 [Bulletin-CVE-2015-1805]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Kernel
• Details: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." [NIST-CVE-2015-1805]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2015-1805]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-1805] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-1805]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-1805]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Kernel Keyring Component

CVE-2016-0728

(json)

• CVE numbers: CVE-2016-0728 [Bulletin-CVE-2016-0728]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Kernel Keyring Component
• Details: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. [NIST-CVE-2016-0728]
• Discovered by: on: Unknown
• Reported on: 2016-03-01 [Bulletin-CVE-2016-0728]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0728] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0728]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0728]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in MediaTek Wi-Fi Kernel Driver

CVE-2016-0820

(json)

• CVE numbers: CVE-2016-0820 [Bulletin-CVE-2016-0820]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in MediaTek Wi-Fi Kernel Driver
• Details: The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. [NIST-CVE-2016-0820]
• Discovered by: on: Unknown
• Reported on: 2016-03-01 [Bulletin-CVE-2016-0820]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 6.0.1 [Bulletin-CVE-2016-0820] regex: (6.0.1)
• Affected devices:
• Affected manufacturers: MediaTek [Bulletin-CVE-2016-0820]
• Fixed versions: 6.0.1 [Bulletin-CVE-2016-0820]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in NVIDIA Video Driver

CVE-2016-2434

(json)

• CVE numbers: CVE-2016-2434 [Bulletin-CVE-2016-2434]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
• Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090. [NIST-CVE-2016-2434]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2434]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2434]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2435

(json)

• CVE numbers: CVE-2016-2435 [Bulletin-CVE-2016-2435]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
• Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988. [NIST-CVE-2016-2435]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2435]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2435]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2436

(json)

• CVE numbers: CVE-2016-2436 [Bulletin-CVE-2016-2436]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
• Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111. [NIST-CVE-2016-2436]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2436]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2436]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2437

(json)

• CVE numbers: CVE-2016-2437 [Bulletin-CVE-2016-2437]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in NVIDIA Video Driver
• Details: The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822. [NIST-CVE-2016-2437]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2437]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: NVIDIA [Bulletin-CVE-2016-2437]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Qualcomm GPU Driver

CVE-2016-2062

(json)

• CVE numbers: CVE-2016-2062 [Bulletin-CVE-2016-2062]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm GPU Driver
• Details: The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call. [NIST-CVE-2016-2062]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2062]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2062]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2468

(json)

• CVE numbers: CVE-2016-2468 [Bulletin-CVE-2016-2468]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm GPU Driver
• Details: The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454. [NIST-CVE-2016-2468]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2468]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2468]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Qualcomm Performance Module

CVE-2016-0805

(json)

• CVE numbers: CVE-2016-0805 [Bulletin-CVE-2016-0805]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Performance Module
• Details: The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204. [NIST-CVE-2016-0805]
• Discovered by: on: Unknown
• Reported on: 2016-02-01 [Bulletin-CVE-2016-0805]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0805] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0805]
• Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0805]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0843

(json)

• CVE numbers: CVE-2016-0843 [Bulletin-CVE-2016-0843]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Performance Module
• Details: The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. [NIST-CVE-2016-0843]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0843]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0843] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0843]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0843]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Qualcomm RF component

CVE-2016-0844

(json)

• CVE numbers: CVE-2016-0844 [Bulletin-CVE-2016-0844]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm RF component
• Details: The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307. [NIST-CVE-2016-0844]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0844]
• Fixed on: 2016-01-05 [ANDROID-26324307]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0844] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0844]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0844]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Qualcomm Sound Driver

CVE-2016-2466

(json)

• CVE numbers: CVE-2016-2466 [Bulletin-CVE-2016-2466]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Sound Driver
• Details: The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307. [NIST-CVE-2016-2466]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2466]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2466]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2467

(json)

• CVE numbers: CVE-2016-2467 [Bulletin-CVE-2016-2467]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Sound Driver
• Details: The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28029010. [NIST-CVE-2016-2467]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2467]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2467]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Qualcomm TrustZone

CVE-2016-2431

(json)

• CVE numbers: CVE-2016-2431 [Bulletin-CVE-2016-2431]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm TrustZone
• Details: The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. [NIST-CVE-2016-2431]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2431]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2431]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2432

(json)

• CVE numbers: CVE-2016-2432 [Bulletin-CVE-2016-2432]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm TrustZone
• Details: The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. [NIST-CVE-2016-2432]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2432]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2432]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Qualcomm Video Driver

CVE-2016-2465

(json)

• CVE numbers: CVE-2016-2465 [Bulletin-CVE-2016-2465]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Video Driver
• Details: The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865. [NIST-CVE-2016-2465]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2465]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2465]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver

CVE-2016-0806

(json)

• CVE numbers: CVE-2016-0806 [Bulletin-CVE-2016-0806]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• Details: The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453. [NIST-CVE-2016-0806]
• Discovered by: on: Unknown
• Reported on: 2016-02-01 [Bulletin-CVE-2016-0806]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0806] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0806]
• Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0806]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-0569

(json)

• CVE numbers: CVE-2015-0569 [Bulletin-CVE-2015-0569]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• Details: Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter. [NIST-CVE-2015-0569]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2015-0569]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2015-0569]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-0570

(json)

• CVE numbers: CVE-2015-0570 [Bulletin-CVE-2015-0570]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• Details: Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element. [NIST-CVE-2015-0570]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2015-0570]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2015-0570]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2474

(json)

• CVE numbers: CVE-2016-2474 [Bulletin-CVE-2016-2474]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
• Details: The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603. [NIST-CVE-2016-2474]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2474]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-2474]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in misc-sd driver

CVE-2015-6637

(json)

• CVE numbers: CVE-2015-6637 [Bulletin-CVE-2015-6637]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in misc-sd driver
• Details: The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. [NIST-CVE-2015-6637]
• Discovered by: on: Unknown
• Reported on: 2016-01-01 [Bulletin-CVE-2015-6637]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6637] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6637]
• Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6637]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in the Debuggerd

CVE-2016-0807

(json)

• CVE numbers: CVE-2016-0807 [Bulletin-CVE-2016-0807]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in the Debuggerd
• Details: The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394. [NIST-CVE-2016-0807]
• Discovered by: on: Unknown
• Reported on: 2016-02-01 [Bulletin-CVE-2016-0807]
• Fixed on: 2015-10-22 [ANDROID-25187394]
• Fix released on: Unknown
• Affected versions: 6.0 and 6.0.1 [Bulletin-CVE-2016-0807] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0807]
• Fixed versions: 6.0 and 6.0.1 [Bulletin-CVE-2016-0807]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in the Imagination Technologies driver

CVE-2015-6638

(json)

• CVE numbers: CVE-2015-6638 [Bulletin-CVE-2015-6638]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in the Imagination Technologies driver
• Details: The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. [NIST-CVE-2015-6638]
• Discovered by: on: Unknown
• Reported on: 2016-01-01 [Bulletin-CVE-2015-6638]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6638] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6638]
• Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6638]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege Vulnerability in the Qualcomm Performance Component

CVE-2016-0819

(json)

• CVE numbers: CVE-2016-0819 [Bulletin-CVE-2016-0819]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege Vulnerability in the Qualcomm Performance Component
• Details: The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. [NIST-CVE-2016-0819]
• Discovered by: on: Unknown
• Reported on: 2016-03-01 [Bulletin-CVE-2016-0819]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0819] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-0819]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0819]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege in Conscrypt

CVE-2016-0818

(json)

• CVE numbers: CVE-2016-0818 [Bulletin-CVE-2016-0818]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege in Conscrypt
• Details: The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. [NIST-CVE-2016-0818]
• Discovered by: on: Unknown
• Reported on: 2016-03-01 [Bulletin-CVE-2016-0818]
• Fixed on: 2015-12-20 [[2]]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0818] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0818]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0818]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of Privilege in Kernel

CVE-2015-6619

(json)

• CVE numbers: CVE-2015-6619 [Bulletin-CVE-2015-6619]
• Coordinated disclosure?: unknown
• Categories: Elevation of Privilege in Kernel
• Details: The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. [NIST-CVE-2015-6619]
• Discovered by: on: Unknown
• Reported on: 2015-12-01 [Bulletin-CVE-2015-6619]
• Fixed on: 2015-09-22 [ANDROID-23520714]
• Fix released on: Unknown
• Affected versions: 6.0 and below [Bulletin-CVE-2015-6619] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6619]
• Fixed versions: 6.0 and below [Bulletin-CVE-2015-6619]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in Broadcom Wi-Fi driver

CVE-2017-0430

(json)

• CVE numbers: CVE-2017-0430 [Bulletin-CVE-2017-0430]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Broadcom Wi-Fi driver
• Details: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459. [NIST-CVE-2017-0430]
• Discovered by: on: Unknown
• Reported on: 2017-02-01 [Bulletin-CVE-2017-0430]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Broadcom [Bulletin-CVE-2017-0430]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

CVE-2017-0509

(json)

• CVE numbers: CVE-2017-0509 [Bulletin-CVE-2017-0509]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Broadcom Wi-Fi driver
• Details: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688. [NIST-CVE-2017-0509]
• Discovered by: pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0509] on: Unknown
• Reported on: 2017-03-01 [Bulletin-CVE-2017-0509]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Broadcom [Bulletin-CVE-2017-0509]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in HTC touchscreen driver

CVE-2017-0563

(json)

• CVE numbers: CVE-2017-0563 [Bulletin-CVE-2017-0563]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in HTC touchscreen driver
• Details: An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. [NIST-CVE-2017-0563]
• Discovered by: Roee Hay (@roeehay) of Aleph Research, HCL Technologies [Discovery-CVE-2017-0563] on: Unknown
• Reported on: 2017-04-01 [Bulletin-CVE-2017-0563]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: HTC [Bulletin-CVE-2017-0563]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in MediaTek Wi-Fi driver

CVE-2016-3767

(json)

• CVE numbers: CVE-2016-3767 [Bulletin-CVE-2016-3767]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in MediaTek Wi-Fi driver
• Details: The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526. [NIST-CVE-2016-3767]
• Discovered by: on: Unknown
• Reported on: 2016-07-01 [Bulletin-CVE-2016-3767]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: MediaTek [Bulletin-CVE-2016-3767]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in MediaTek components

• CVE-2017-0500
• CVE-2017-0501
• CVE-2017-0502
• CVE-2017-0503
• CVE-2017-0504
• CVE-2017-0505
• CVE-2017-0506

Elevation of privilege vulnerability in MediaTek driver

CVE-2016-8433

(json)

• CVE numbers: CVE-2016-8433 [Bulletin-CVE-2016-8433]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in MediaTek driver
• Details: An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192. [NIST-CVE-2016-8433]
• Discovered by: on: Unknown
• Reported on: 2017-01-01 [Bulletin-CVE-2016-8433]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: MediaTek [Bulletin-CVE-2016-8433]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in MediaTek drivers (Device specific)

• CVE-2016-3770
• CVE-2016-3771
• CVE-2016-3772
• CVE-2016-3773
• CVE-2016-3774

Elevation of privilege vulnerability in MediaTek touchscreen driver

CVE-2016-10274

(json)

• CVE numbers: CVE-2016-10274 [Bulletin-CVE-2016-10274]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in MediaTek touchscreen driver
• Details: An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901. [NIST-CVE-2016-10274]
• Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2016-10274] on: Unknown
• Reported on: 2017-05-01 [Bulletin-CVE-2016-10274]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: MediaTek [Bulletin-CVE-2016-10274]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in MediaTek video driver

CVE-2016-3928

(json)

• CVE numbers: CVE-2016-3928 [Bulletin-CVE-2016-3928]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in MediaTek video driver
• Details: The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384. [NIST-CVE-2016-3928]
• Discovered by: on: Unknown
• Reported on: 2016-10-01 [Bulletin-CVE-2016-3928]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: MediaTek [Bulletin-CVE-2016-3928]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in Motorola bootloader

CVE-2016-10277

(json)

• CVE numbers: CVE-2016-10277 [Bulletin-CVE-2016-10277]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Motorola bootloader
• Details: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. [NIST-CVE-2016-10277]
• Discovered by: Roee Hay (@roeehay) of Aleph Research, HCL Technologies [Discovery-CVE-2016-10277] on: Unknown
• Reported on: 2017-05-01 [Bulletin-CVE-2016-10277]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-10277]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in NVIDIA GPU driver

• CVE-2016-6730
• CVE-2016-6731
• CVE-2016-6732
• CVE-2016-6733
• CVE-2016-6734
• CVE-2016-6735
• CVE-2016-6736
• CVE-2016-6775
• CVE-2016-6776
• CVE-2016-6777
• CVE-2016-8424
• CVE-2016-8425
• CVE-2016-8426
• CVE-2016-8427
• CVE-2016-8428
• CVE-2016-8429
• CVE-2016-8430
• CVE-2016-8431
• CVE-2016-8432
• CVE-2016-8435
• CVE-2016-8482
• CVE-2017-0428
• CVE-2017-0429
• CVE-2017-0306
• CVE-2017-0333
• CVE-2017-0335
• CVE-2017-0337
• CVE-2017-0338

Elevation of privilege vulnerability in NVIDIA video driver

• CVE-2016-3769
• CVE-2016-6915
• CVE-2016-6916
• CVE-2016-6917
• CVE-2017-0331

Elevation of privilege vulnerability in Qualcomm GPU driver

• CVE-2016-8434
• CVE-2016-2067
• CVE-2016-2503
• CVE-2016-2504
• CVE-2016-3842
• CVE-2016-8479

Elevation of privilege vulnerability in Qualcomm bootloader

• CVE-2016-8422
• CVE-2016-8423
• CVE-2016-10275
• CVE-2016-6729
• CVE-2016-10276

Elevation of privilege vulnerability in Qualcomm components

CVE-2014-9863

(json)

• CVE numbers: CVE-2014-9863 [Bulletin-CVE-2014-9863]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Qualcomm components
• Details: Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. [NIST-CVE-2014-9863]
• Discovered by: on: Unknown
• Reported on: 2016-08-01 [Bulletin-CVE-2014-9863]
• Fixed on: 2013-12-24 [QC-CR#549470]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9863]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9794

(json)

• CVE numbers: CVE-2014-9794 [Bulletin-CVE-2014-9794]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Qualcomm components
• Details: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0973. Reason: This candidate is a reservation duplicate of CVE-2014-0973. Notes: All CVE users should reference CVE-2014-0973 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. [NIST-CVE-2014-9794]
• Discovered by: on: Unknown
• Reported on: 2016-07-01 [Bulletin-CVE-2014-9794]
• Fixed on: 2014-04-21 [QC-CR646385]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9794]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2014-9795

(json)

• CVE numbers: CVE-2014-9795 [Bulletin-CVE-2014-9795]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Qualcomm components
• Details: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325. [NIST-CVE-2014-9795]
• Discovered by: on: Unknown
• Reported on: 2016-07-01 [Bulletin-CVE-2014-9795]
• Fixed on: 2014-06-18 [2]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9795]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-8892

(json)

• CVE numbers: CVE-2015-8892 [Bulletin-CVE-2015-8892]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Qualcomm components
• Details: platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998. [NIST-CVE-2015-8892]
• Discovered by: on: Unknown
• Reported on: 2016-07-01 [Bulletin-CVE-2015-8892]
• Fixed on: 2015-09-08 [QC-CR902998]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2015-8892]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in Qualcomm performance component

CVE-2016-3768

(json)

• CVE numbers: CVE-2016-3768 [Bulletin-CVE-2016-3768]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Qualcomm performance component
• Details: The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644. [NIST-CVE-2016-3768]
• Discovered by: on: Unknown
• Reported on: 2016-07-01 [Bulletin-CVE-2016-3768]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-3768]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in Qualcomm power driver

CVE-2017-0604

(json)

• CVE numbers: CVE-2017-0604 [Bulletin-CVE-2017-0604]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Qualcomm power driver
• Details: An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589. [NIST-CVE-2017-0604]
• Discovered by: on: Unknown
• Reported on: 2017-05-01 [Bulletin-CVE-2017-0604]
• Fixed on: 2015-04-20 [QC-CR#826589]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2017-0604]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in Qualcomm video driver

CVE-2016-8436

(json)

• CVE numbers: CVE-2016-8436 [Bulletin-CVE-2016-8436]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in Qualcomm video driver
• Details: An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860. [NIST-CVE-2016-8436]
• Discovered by: on: Unknown
• Reported on: 2017-01-01 [Bulletin-CVE-2016-8436]
• Fixed on: 2016-05-12 [QC-CR#1007860]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8436]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in USB driver

CVE-2015-8816

(json)

• CVE numbers: CVE-2015-8816 [Bulletin-CVE-2015-8816]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in USB driver
• Details: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. [NIST-CVE-2015-8816]
• Discovered by: on: Unknown
• Reported on: 2016-07-01 [Bulletin-CVE-2015-8816]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-8816]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel

CVE-2015-8966

(json)

• CVE numbers: CVE-2015-8966 [Bulletin-CVE-2015-8966]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel
• Details: arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. [NIST-CVE-2015-8966]
• Discovered by: on: Unknown
• Reported on: 2016-12-01 [Bulletin-CVE-2015-8966]
• Fixed on: 2015-12-28 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-8966]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3857

(json)

• CVE numbers: CVE-2016-3857 [Bulletin-CVE-2016-3857]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel
• Details: The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. [NIST-CVE-2016-3857]
• Discovered by: on: Unknown
• Reported on: 2016-08-01 [Bulletin-CVE-2016-3857]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-3857]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel FIQ debugger

CVE-2017-0510

(json)

• CVE numbers: CVE-2017-0510 [Bulletin-CVE-2017-0510]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel FIQ debugger
• Details: An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32402555. [NIST-CVE-2017-0510]
• Discovered by: Sagi Kedmi of IBM Security X-Force Research [Discovery-CVE-2017-0510] on: Unknown
• Reported on: 2017-03-01 [Bulletin-CVE-2017-0510]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2017-0510]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in kernel ION driver

CVE-2016-9120

(json)

• CVE numbers: CVE-2016-9120 [Bulletin-CVE-2016-9120]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel ION driver
• Details: Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. [NIST-CVE-2016-9120]
• Discovered by: on: Unknown
• Reported on: 2016-12-01 [Bulletin-CVE-2016-9120]
• Fixed on: 2016-02-24 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-9120]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel ION subsystem

• CVE-2016-6728
• CVE-2016-6737
• CVE-2017-0507
• CVE-2017-0508
• CVE-2017-0564

Elevation of privilege vulnerability in kernel SCSI driver

CVE-2015-8962

(json)

• CVE numbers: CVE-2015-8962 [Bulletin-CVE-2015-8962]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel SCSI driver
• Details: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. [NIST-CVE-2015-8962]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2015-8962]
• Fixed on: 2015-10-30 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-8962]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel USB driver

CVE-2016-3951

(json)

• CVE numbers: CVE-2016-3951 [Bulletin-CVE-2016-3951]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel USB driver
• Details: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. [NIST-CVE-2016-3951]
• Discovered by: on: Unknown
• Reported on: 2016-09-01 [Bulletin-CVE-2016-3951]
• Fixed on: 2016-03-07 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-3951]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-7912

(json)

• CVE numbers: CVE-2016-7912 [Bulletin-CVE-2016-7912]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel USB driver
• Details: Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. [NIST-CVE-2016-7912]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-7912]
• Fixed on: 2016-04-14 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-7912]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel file system

• CVE-2015-5706
• CVE-2015-8961
• CVE-2016-3775
• CVE-2016-7911
• CVE-2016-7910
• CVE-2017-0427

Elevation of privilege vulnerability in kernel media driver

CVE-2016-7913

(json)

• CVE numbers: CVE-2016-7913 [Bulletin-CVE-2016-7913]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel media driver
• Details: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. [NIST-CVE-2016-7913]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-7913]
• Fixed on: 2016-01-28 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-7913]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel memory subsystem

CVE-2015-3288

(json)

• CVE numbers: CVE-2015-3288 [Bulletin-CVE-2015-3288]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel memory subsystem
• Details: mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. [NIST-CVE-2015-3288]
• Discovered by: on: Unknown
• Reported on: 2017-01-01 [Bulletin-CVE-2015-3288]
• Fixed on: 2015-07-06 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3288]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-4794

(json)

• CVE numbers: CVE-2016-4794 [Bulletin-CVE-2016-4794]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel memory subsystem
• Details: Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. [NIST-CVE-2016-4794]
• Discovered by: on: Unknown
• Reported on: 2016-12-01 [Bulletin-CVE-2016-4794]
• Fixed on: 2016-05-25 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-4794]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-5195

(json)

• CVE numbers: CVE-2016-5195 [Bulletin-CVE-2016-5195]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel memory subsystem
• Details: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." [NIST-CVE-2016-5195]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-5195]
• Fixed on: 2016-10-13 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-5195]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel netfilter subsystem

CVE-2016-3134

(json)

• CVE numbers: CVE-2016-3134 [Bulletin-CVE-2016-3134]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel netfilter subsystem
• Details: The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. [NIST-CVE-2016-3134]
• Discovered by: on: Unknown
• Reported on: 2016-09-01 [Bulletin-CVE-2016-3134]
• Fixed on: 2016-03-22 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-3134]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel networking component

CVE-2015-2686

(json)

• CVE numbers: CVE-2015-2686 [Bulletin-CVE-2015-2686]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel networking component
• Details: net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. [NIST-CVE-2015-2686]
• Discovered by: on: Unknown
• Reported on: 2016-08-01 [Bulletin-CVE-2015-2686]
• Fixed on: 2015-03-20 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-2686]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-3841

(json)

• CVE numbers: CVE-2016-3841 [Bulletin-CVE-2016-3841]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel networking component
• Details: The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. [NIST-CVE-2016-3841]
• Discovered by: on: Unknown
• Reported on: 2016-08-01 [Bulletin-CVE-2016-3841]
• Fixed on: 2015-11-29 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-3841]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel networking subsystem

• CVE-2014-9914
• CVE-2013-7446
• CVE-2016-9806
• CVE-2016-6828
• CVE-2016-10200

Elevation of privilege vulnerability in kernel security subsystem

CVE-2014-9529

(json)

• CVE numbers: CVE-2014-9529 [Bulletin-CVE-2014-9529]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel security subsystem
• Details: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. [NIST-CVE-2014-9529]
• Discovered by: on: Unknown
• Reported on: 2016-09-01 [Bulletin-CVE-2014-9529]
• Fixed on: 2014-12-29 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2014-9529]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-4470

(json)

• CVE numbers: CVE-2016-4470 [Bulletin-CVE-2016-4470]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel security subsystem
• Details: The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. [NIST-CVE-2016-4470]
• Discovered by: on: Unknown
• Reported on: 2016-09-01 [Bulletin-CVE-2016-4470]
• Fixed on: 2016-06-16 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-4470]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel shared memory subsystem

CVE-2016-5340

(json)

• CVE numbers: CVE-2016-5340 [Bulletin-CVE-2016-5340]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel shared memory subsystem
• Details: The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. [NIST-CVE-2016-5340]
• Discovered by: on: Unknown
• Reported on: 2016-09-01 [Bulletin-CVE-2016-5340]
• Fixed on: 2016-06-22 [QC-CR#1008948]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-5340]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in kernel sound subsystem

CVE-2016-2184

(json)

• CVE numbers: CVE-2016-2184 [Bulletin-CVE-2016-2184]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel sound subsystem
• Details: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. [NIST-CVE-2016-2184]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-2184]
• Fixed on: 2016-03-31 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2184]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-9794

(json)

• CVE numbers: CVE-2016-9794 [Bulletin-CVE-2016-9794]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel sound subsystem
• Details: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. [NIST-CVE-2016-9794]
• Discovered by: on: Unknown
• Reported on: 2017-05-01 [Bulletin-CVE-2016-9794]
• Fixed on: 2016-12-12 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-9794]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Elevation of privilege vulnerability in libzipfile

CVE-2016-6700

(json)

• CVE numbers: CVE-2016-6700 [Bulletin-CVE-2016-6700]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in libzipfile
• Details: An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186. [NIST-CVE-2016-6700]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-6700]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1 [Bulletin-CVE-2016-6700] regex: (4.4.4)|(5.0.2)|(5.1.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-6700]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1 [Bulletin-CVE-2016-6700]
• Submission: by: Daniel Carter, on: 2019-07-29

Elevation of privilege vulnerability in recovery verifier

CVE-2017-0475

(json)

• CVE numbers: CVE-2017-0475 [Bulletin-CVE-2017-0475]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in recovery verifier
• Details: An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369. [NIST-CVE-2017-0475]
• Discovered by: Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0475] on: Unknown
• Reported on: 2017-03-01 [Bulletin-CVE-2017-0475]
• Fixed on: 2016-12-16 [A-31914369]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0475] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2017-0475]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2017-0475]
• Submission: by: Daniel Carter, on: 2019-07-26

Framework

• CVE-2018-9433
• CVE-2018-9490
• CVE-2019-1988
• CVE-2019-1986
• CVE-2019-1987

Integer overflow in libstagefright processing MPEG4 covr atoms when chunk_data_size is SIZE_MAX

CVE-2015-3829

(json)

• CVE numbers: CVE-2015-3829 [Bulletin-CVE-2015-3829]
• Coordinated disclosure?: unknown
• Categories: Integer overflow in libstagefright processing MPEG4 covr atoms when chunk_data_size is SIZE_MAX
• Details: Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. [NIST-CVE-2015-3829]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-3829]
• Fixed on: 2015-05-04 [ANDROID-20923261]
• Fix released on: Unknown
• Affected versions: 5.0 and above [Bulletin-CVE-2015-3829] regex: 5.[0-1].[0-9]
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3829]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Integer overflow in libstagefright when parsing the MPEG4 tx3g atom

CVE-2015-3824

(json)

• CVE numbers: CVE-2015-3824 [Bulletin-CVE-2015-3824]
• Coordinated disclosure?: unknown
• Categories: Integer overflow in libstagefright when parsing the MPEG4 tx3g atom
• Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. [NIST-CVE-2015-3824]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-3824]
• Fixed on: 2015-05-04 [ANDROID-20923261]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3824] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3824]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Integer overflows during MP4 atom processing

CVE-2015-1538

(json)

• CVE numbers: CVE-2015-1538 [Bulletin-CVE-2015-1538]
• Coordinated disclosure?: unknown
• Categories: Integer overflows during MP4 atom processing
• Details: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. [NIST-CVE-2015-1538]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-1538]
• Fixed on: 2015-04-08 [ANDROID-20139950]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-1538] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-1538]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata

CVE-2015-3828

(json)

• CVE numbers: CVE-2015-3828 [Bulletin-CVE-2015-3828]
• Coordinated disclosure?: unknown
• Categories: Integer underflow in libstagefright if size is below 6 while processing 3GPP metadata
• Details: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. [NIST-CVE-2015-3828]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-3828]
• Fixed on: 2015-05-04 [ANDROID-20923261]
• Fix released on: Unknown
• Affected versions: 5.0 and above [Bulletin-CVE-2015-3828] regex: 5.[0-1].[0-9]
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3828]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Integer underflow in libstagefright when processing MPEG4 covr atoms

CVE-2015-3827

(json)

• CVE numbers: CVE-2015-3827 [Bulletin-CVE-2015-3827]
• Coordinated disclosure?: unknown
• Categories: Integer underflow in libstagefright when processing MPEG4 covr atoms
• Details: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. [NIST-CVE-2015-3827]
• Discovered by: on: Unknown
• Reported on: 2015-08-01 [Bulletin-CVE-2015-3827]
• Fixed on: 2015-05-04 [ANDROID-20923261]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3827] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3827]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Kernel components

CVE-2017-8890

(json)

• CVE numbers: CVE-2017-8890 [Bulletin-CVE-2017-8890]
• Coordinated disclosure?: unknown
• Categories: Kernel components
• Details: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. [NIST-CVE-2017-8890]
• Discovered by: on: Unknown
• Reported on: 2017-09-01 [Bulletin-CVE-2017-8890]
• Fixed on: 2017-05-09 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2017-8890]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

LG components

CVE-2018-9364

(json)

• CVE numbers: CVE-2018-9364 [Bulletin-CVE-2018-9364]
• Coordinated disclosure?: unknown
• Categories: LG components
• Details:
• Discovered by: on: Unknown
• Reported on: 2018-06-01 [Bulletin-CVE-2018-9364]
• Fixed on: Unknown
• Fix released on: 2018-06-05 [Bulletin-CVE-2018-9364]
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: LG [Bulletin-CVE-2018-9364]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-25

Media Framework

• CVE-2017-0756
• CVE-2017-0759
• CVE-2017-0762
• CVE-2017-0760
• CVE-2017-0757
• CVE-2017-0758
• CVE-2017-0761
• CVE-2017-0763
• CVE-2017-0765
• CVE-2017-0764

Media framework

• CVE-2017-0673
• CVE-2017-0680
• CVE-2017-0677
• CVE-2017-0637
• CVE-2017-0674
• CVE-2017-0675
• CVE-2017-0676
• CVE-2017-0719
• CVE-2017-0721
• CVE-2017-0723
• CVE-2017-0540
• CVE-2017-0811
• CVE-2017-0679
• CVE-2017-0715
• CVE-2017-0681
• CVE-2017-0716
• CVE-2017-0678
• CVE-2017-0745
• CVE-2017-0714
• CVE-2017-0722
• CVE-2017-0720
• CVE-2017-0718
• CVE-2017-0810
• CVE-2017-0832
• CVE-2017-0835
• CVE-2017-0833
• CVE-2017-0809
• CVE-2017-0834
• CVE-2017-13230
• CVE-2017-13151
• CVE-2017-13249
• CVE-2017-0878
• CVE-2018-9473
• CVE-2017-0836
• CVE-2017-0872
• CVE-2017-13178
• CVE-2017-13179
• CVE-2017-13177
• CVE-2017-13228
• CVE-2017-0876
• CVE-2017-0877
• CVE-2017-13248
• CVE-2017-13250
• CVE-2017-13251
• CVE-2018-9498
• CVE-2017-13276
• CVE-2017-13277
• CVE-2018-9341
• CVE-2018-9411
• CVE-2018-9427
• CVE-2018-5146
• CVE-2018-9536
• CVE-2018-9550
• CVE-2018-9496
• CVE-2018-9497
• CVE-2018-9531
• CVE-2018-9537
• CVE-2018-9551
• CVE-2018-9527
• CVE-2018-9549
• CVE-2018-9552
• CVE-2019-2095
• CVE-2019-1989
• CVE-2019-2028
• CVE-2019-1990
• CVE-2019-2093
• CVE-2019-2027
• CVE-2019-2044
• CVE-2019-2106
• CVE-2019-2094
• CVE-2019-2107
• CVE-2019-2109

MediaTek components

CVE-2018-9373

(json)

• CVE numbers: CVE-2018-9373 [Bulletin-CVE-2018-9373]
• Coordinated disclosure?: unknown
• Categories: MediaTek components
• Details:
• Discovered by: on: Unknown
• Reported on: 2018-06-01 [Bulletin-CVE-2018-9373]
• Fixed on: Unknown
• Fix released on: 2018-06-05 [Bulletin-CVE-2018-9373]
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: MediaTek [Bulletin-CVE-2018-9373]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-25

NVIDIA components

CVE-2017-6289

(json)

• CVE numbers: CVE-2017-6289 [Bulletin-CVE-2017-6289]
• Coordinated disclosure?: unknown
• Categories: NVIDIA components
• Details: In Android before the 2018-05-05 security patch level, NVIDIA Trusted Execution Environment (TEE) contains a memory corruption (due to unusual root cause) vulnerability, which if run within the speculative execution of the TEE, may lead to local escalation of privileges. This issue is rated as critical. Android: A-72830049. Reference: N-CVE-2017-6289. [NIST-CVE-2017-6289]
• Discovered by: on: Unknown
• Reported on: 2018-05-01 [Bulletin-CVE-2017-6289]
• Fixed on: Unknown
• Fix released on: 2018-05-05 [Bulletin-CVE-2017-6289]
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: NVIDIA [Bulletin-CVE-2017-6289]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-6271

(json)

• CVE numbers: CVE-2018-6271 [Bulletin-CVE-2018-6271]
• Coordinated disclosure?: unknown
• Categories: NVIDIA components
• Details: NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474. [NIST-CVE-2018-6271]
• Discovered by: Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team [Discovery-CVE-2018-6271] on: Unknown
• Reported on: 2019-02-01 [Bulletin-CVE-2018-6271]
• Fixed on: Unknown
• Fix released on: 2019-02-05 [Bulletin-CVE-2018-6271]
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: NVIDIA [Bulletin-CVE-2018-6271]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-24

Qualcomm closed-source components

• CVE-2014-9953
• CVE-2014-9960
• CVE-2014-9961
• CVE-2014-9967
• CVE-2015-9008
• CVE-2015-9009
• CVE-2015-9010
• CVE-2015-9011
• CVE-2015-9012
• CVE-2015-9013
• CVE-2015-9014
• CVE-2015-9015
• CVE-2015-9024
• CVE-2015-9026
• CVE-2015-9027
• CVE-2015-9029
• CVE-2016-10298
• CVE-2016-10299
• CVE-2016-10333
• CVE-2016-10334
• CVE-2016-10335
• CVE-2016-10336
• CVE-2016-10338
• CVE-2016-10339
• CVE-2016-10340
• CVE-2016-10341
• CVE-2017-6211
• CVE-2017-14911
• CVE-2017-17773
• CVE-2017-18071
• CVE-2017-18128
• CVE-2017-18146
• CVE-2017-8274
• CVE-2018-3591
• CVE-2018-3592
• CVE-2016-2108
• CVE-2017-18171
• CVE-2018-11257
• CVE-2018-11259
• CVE-2018-5874
• CVE-2018-5875
• CVE-2018-5876
• CVE-2017-18296
• CVE-2017-18305
• CVE-2017-18310
• CVE-2016-10394
• CVE-2017-18311
• CVE-2017-18314
• CVE-2018-11824
• CVE-2018-11950
• CVE-2018-5866
• CVE-2017-18317
• CVE-2018-11264
• CVE-2017-11004
• CVE-2017-18141
• CVE-2017-8248
• CVE-2018-11279
• CVE-2018-5913
• CVE-2018-11847
• CVE-2018-11289
• CVE-2018-11820
• CVE-2018-11938
• CVE-2018-11945
• CVE-2017-8252
• CVE-2018-11958
• CVE-2018-11271
• CVE-2018-11976
• CVE-2018-12004
• CVE-2018-13886
• CVE-2018-13887
• CVE-2019-2250
• CVE-2018-13898
• CVE-2018-5912
• CVE-2019-2255
• CVE-2019-2256
• CVE-2018-13924
• CVE-2018-13927
• CVE-2019-2254
• CVE-2019-2322
• CVE-2019-2327
• CVE-2019-10539
• CVE-2019-10540

Qualcomm closed-source components 2014-2016 cumulative update

CVE-2014-9996

(json)

• CVE numbers: CVE-2014-9996 [Bulletin-CVE-2014-9996]
• Coordinated disclosure?: unknown
• Categories: Qualcomm closed-source components 2014-2016 cumulative update
• Details: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur. [NIST-CVE-2014-9996]
• Discovered by: on: Unknown
• Reported on: 2018-04-01 [Bulletin-CVE-2014-9996]
• Fixed on: Unknown
• Fix released on: 2018-04-05 [Bulletin-CVE-2014-9996]
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9996]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-25

Qualcomm components

• CVE-2016-3706
• CVE-2016-4429
• CVE-2017-7371
• CVE-2017-9714
• CVE-2017-11013
• CVE-2017-11014
• CVE-2017-11015
• CVE-2017-11043
• CVE-2017-18067
• CVE-2017-15860
• CVE-2017-15815
• CVE-2017-11041
• CVE-2017-11053
• CVE-2017-15822
• CVE-2018-3565
• CVE-2018-3580
• CVE-2018-3569
• CVE-2018-5854
• CVE-2018-5872
• CVE-2018-11262
• CVE-2017-18155
• CVE-2018-11940
• CVE-2019-2269
• CVE-2018-11817
• CVE-2019-2287
• CVE-2019-2330
• CVE-2019-2308
• CVE-2019-10492

Remote Code Execution Vulnerabilities in Display Driver

CVE-2015-6634

(json)

• CVE numbers: CVE-2015-6634 [Bulletin-CVE-2015-6634]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in Display Driver
• Details: The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. [NIST-CVE-2015-6634]
• Discovered by: on: Unknown
• Reported on: 2015-12-01 [Bulletin-CVE-2015-6634]
• Fixed on: 2015-10-16 [ANDROID-24163261]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-6634] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6634]
• Fixed versions: 5.1 and below [Bulletin-CVE-2015-6634]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6633

(json)

• CVE numbers: CVE-2015-6633 [Bulletin-CVE-2015-6633]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in Display Driver
• Details: The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. [NIST-CVE-2015-6633]
• Discovered by: on: Unknown
• Reported on: 2015-12-01 [Bulletin-CVE-2015-6633]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 6.0 and below [Bulletin-CVE-2015-6633] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6633]
• Fixed versions: 6.0 and below [Bulletin-CVE-2015-6633]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerabilities in Mediaserver

CVE-2015-6608

(json)

• CVE numbers: CVE-2015-6608 [Bulletin-CVE-2015-6608]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in Mediaserver
• Details: mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. [NIST-CVE-2015-6608]
• Discovered by: on: Unknown
• Reported on: 2015-11-01 [Bulletin-CVE-2015-6608]
• Fixed on: 2015-09-08 [ANDROID-23876444]
• Fix released on: Unknown
• Affected versions: 5.0, 5.1, 6.0, 4.4, 5.0, 5.1, 6.0, 4.4 and 5.1, 5.0, 5.1, 6.0 [Bulletin-CVE-2015-6608] regex: (5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])|(4.4.[0-9])|(5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])|(4.4.[0-9])|(5.1.[0-9])|(5.0.[0-9])|(5.1.[0-9])|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6608]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6616

(json)

• CVE numbers: CVE-2015-6616 [Bulletin-CVE-2015-6616]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in Mediaserver
• Details: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507. [NIST-CVE-2015-6616]
• Discovered by: on: Unknown
• Reported on: 2015-12-01 [Bulletin-CVE-2015-6616]
• Fixed on: 2015-10-05 [ANDROID-24630158]
• Fix released on: Unknown
• Affected versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6616]
• Fixed versions: 6.0 and below, 5.1 and below, 6.0 and below, 6.0 [Bulletin-CVE-2015-6616]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerabilities in Sonivox

CVE-2015-3874

(json)

• CVE numbers: CVE-2015-3874 [Bulletin-CVE-2015-3874]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in Sonivox
• Details: The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. [NIST-CVE-2015-3874]
• Discovered by: on: Unknown
• Reported on: 2015-10-01 [Bulletin-CVE-2015-3874]
• Fixed on: 2015-08-21 [2]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3874] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3874]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerabilities in libFLAC

CVE-2014-9028

(json)

• CVE numbers: CVE-2014-9028 [Bulletin-CVE-2014-9028]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in libFLAC
• Details: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. [NIST-CVE-2014-9028]
• Discovered by: on: Unknown
• Reported on: 2015-10-01 [Bulletin-CVE-2014-9028]
• Fixed on: 2015-02-27 [2]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2014-9028] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2014-9028]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerabilities in libstagefright

• CVE-2015-3867
• CVE-2015-6601
• CVE-2015-3870
• CVE-2015-3823
• CVE-2015-3871
• CVE-2015-6600
• CVE-2015-3869
• CVE-2015-6604
• CVE-2015-6603
• CVE-2015-3876
• CVE-2015-3868
• CVE-2015-3873
• CVE-2015-6598
• CVE-2015-3872
• CVE-2015-6599

Remote Code Execution Vulnerabilities in libutils

CVE-2015-3875

(json)

• CVE numbers: CVE-2015-3875 [Bulletin-CVE-2015-3875]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in libutils
• Details: libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. [NIST-CVE-2015-3875]
• Discovered by: on: Unknown
• Reported on: 2015-10-01 [Bulletin-CVE-2015-3875]
• Fixed on: 2015-08-18 [ANDROID-22952485]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3875] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3875]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6602

(json)

• CVE numbers: CVE-2015-6602 [Bulletin-CVE-2015-6602]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in libutils
• Details: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. [NIST-CVE-2015-6602]
• Discovered by: on: Unknown
• Reported on: 2015-10-01 [Bulletin-CVE-2015-6602]
• Fixed on: 2015-08-20 [ANDROID-23290056]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-6602] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6602]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerabilities in libvpx

CVE-2016-1621

(json)

• CVE numbers: CVE-2016-1621 [Bulletin-CVE-2016-1621]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in libvpx
• Details: libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. [NIST-CVE-2016-1621]
• Discovered by: on: Unknown
• Reported on: 2016-03-01 [Bulletin-CVE-2016-1621]
• Fixed on: 2016-01-19 [[3]]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0 [Bulletin-CVE-2016-1621] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-1621]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0 [Bulletin-CVE-2016-1621]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerabilities in libwebm

CVE-2016-2464

(json)

• CVE numbers: CVE-2016-2464 [Bulletin-CVE-2016-2464]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerabilities in libwebm
• Details: libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726. [NIST-CVE-2016-2464]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2464]
• Fixed on: 2016-01-11 [2]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2464] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2464]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2464]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver

CVE-2016-0801

(json)

• CVE numbers: CVE-2016-0801 [Bulletin-CVE-2016-0801]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
• Details: The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. [NIST-CVE-2016-0801]
• Discovered by: on: Unknown
• Reported on: 2016-02-01 [Bulletin-CVE-2016-0801]
• Fixed on: 2015-11-30 [ANDROID-25662029]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0801] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: Broadcom [Bulletin-CVE-2016-0801]
• Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0801]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0802

(json)

• CVE numbers: CVE-2016-0802 [Bulletin-CVE-2016-0802]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
• Details: The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181. [NIST-CVE-2016-0802]
• Discovered by: on: Unknown
• Reported on: 2016-02-01 [Bulletin-CVE-2016-0802]
• Fixed on: 2015-12-09 [ANDROID-25306181]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0802] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: Broadcom [Bulletin-CVE-2016-0802]
• Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0802]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerability in DHCPCD

CVE-2014-6060

(json)

• CVE numbers: CVE-2014-6060 [Bulletin-CVE-2014-6060]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in DHCPCD
• Details: The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. [NIST-CVE-2014-6060]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2014-6060]
• Fixed on: 2014-08-15 [ANDROID-16677003]
• Fix released on: Unknown
• Affected versions: 4.4.4 [Bulletin-CVE-2014-6060] regex: (4.4.4)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2014-6060]
• Fixed versions: 4.4.4 [Bulletin-CVE-2014-6060]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-1503

(json)

• CVE numbers: CVE-2016-1503 [Bulletin-CVE-2016-1503]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in DHCPCD
• Details: dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634. [NIST-CVE-2016-1503]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-1503]
• Fixed on: 2016-02-11 [ANDROID-26461634]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-1503] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-1503]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-1503]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerability in Media Codec

CVE-2016-0834

(json)

• CVE numbers: CVE-2016-0834 [Bulletin-CVE-2016-0834]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Media Codec
• Details: An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548. [NIST-CVE-2016-0834]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0834]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0834] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0834]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0834]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerability in Mediaserver

• CVE-2015-3864
• CVE-2016-0804
• CVE-2015-6636
• CVE-2016-0803
• CVE-2016-0836
• CVE-2016-0839
• CVE-2016-0835
• CVE-2016-0816
• CVE-2016-0815
• CVE-2016-0838
• CVE-2016-0840
• CVE-2016-0841
• CVE-2016-0837
• CVE-2016-2429
• CVE-2016-2428
• CVE-2016-2463

Remote Code Execution Vulnerability in Skia

CVE-2015-3877

(json)

• CVE numbers: CVE-2015-3877 [Bulletin-CVE-2015-3877]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Skia
• Details: Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. [NIST-CVE-2015-3877]
• Discovered by: on: Unknown
• Reported on: 2015-10-01 [Bulletin-CVE-2015-3877]
• Fixed on: 2015-04-16 [ANDROID-20723696]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3877] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3877]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6617

(json)

• CVE numbers: CVE-2015-6617 [Bulletin-CVE-2015-6617]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Skia
• Details: Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. [NIST-CVE-2015-6617]
• Discovered by: on: Unknown
• Reported on: 2015-12-01 [Bulletin-CVE-2015-6617]
• Fixed on: 2015-08-06 [ANDROID-23648740]
• Fix released on: Unknown
• Affected versions: 6.0 and below [Bulletin-CVE-2015-6617] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6617]
• Fixed versions: 6.0 and below [Bulletin-CVE-2015-6617]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerability in libstagefright

CVE-2016-0842

(json)

• CVE numbers: CVE-2016-0842 [Bulletin-CVE-2016-0842]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in libstagefright
• Details: The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142. [NIST-CVE-2016-0842]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0842]
• Fixed on: 2015-12-04 [ANDROID-25818142]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0842] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0842]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0842]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote Code Execution Vulnerability in libutils

CVE-2015-6609

(json)

• CVE numbers: CVE-2015-6609 [Bulletin-CVE-2015-6609]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in libutils
• Details: libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. [NIST-CVE-2015-6609]
• Discovered by: on: Unknown
• Reported on: 2015-11-01 [Bulletin-CVE-2015-6609]
• Fixed on: 2015-09-02 [ANDROID-22953624]
• Fix released on: Unknown
• Affected versions: 6.0 and below [Bulletin-CVE-2015-6609] regex: ([1-5].[0-9].[0-9])|(6.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6609]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Remote code execution vulnerability in Broadcom Wi-Fi firmware

CVE-2017-0561

(json)

• CVE numbers: CVE-2017-0561 [Bulletin-CVE-2017-0561]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in Broadcom Wi-Fi firmware
• Details: A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. [NIST-CVE-2017-0561]
• Discovered by: Gal Beniamini of Project Zero [Discovery-CVE-2017-0561] on: Unknown
• Reported on: 2017-04-01 [Bulletin-CVE-2017-0561]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Broadcom [Bulletin-CVE-2017-0561]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Remote code execution vulnerability in Conscrypt

CVE-2016-3840

(json)

• CVE numbers: CVE-2016-3840 [Bulletin-CVE-2016-3840]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in Conscrypt
• Details: Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153. [NIST-CVE-2016-3840]
• Discovered by: on: Unknown
• Reported on: 2016-08-01 [Bulletin-CVE-2016-3840]
• Fixed on: 2016-05-12 [A-28751153]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3840] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-3840]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-3840]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote code execution vulnerability in GIFLIB

CVE-2015-7555

(json)

• CVE numbers: CVE-2015-7555 [Bulletin-CVE-2015-7555]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in GIFLIB
• Details: Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. [NIST-CVE-2015-7555]
• Discovered by: on: Unknown
• Reported on: 2017-05-01 [Bulletin-CVE-2015-7555]
• Fixed on: 2017-03-13 [A-34697653]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2015-7555] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-7555]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2015-7555]
• Submission: by: Daniel Carter, on: 2019-07-26

Remote code execution vulnerability in LibUtils

CVE-2016-3861

(json)

• CVE numbers: CVE-2016-3861 [Bulletin-CVE-2016-3861]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in LibUtils
• Details: LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. [NIST-CVE-2016-3861]
• Discovered by: on: Unknown
• Reported on: 2016-09-01 [Bulletin-CVE-2016-3861]
• Fixed on: 2016-06-28 [A-29250543]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 [Bulletin-CVE-2016-3861] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-3861]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 [Bulletin-CVE-2016-3861]
• Submission: by: Daniel Carter, on: 2019-07-29

Remote code execution vulnerability in Mediaserver

• CVE-2017-0470
• CVE-2016-3742
• CVE-2016-3743
• CVE-2016-2505
• CVE-2016-2507
• CVE-2016-2506
• CVE-2016-3741
• CVE-2016-3820
• CVE-2017-0587
• CVE-2016-3819
• CVE-2016-3821
• CVE-2016-2508
• CVE-2016-3862
• CVE-2016-6699
• CVE-2017-0592
• CVE-2017-0406
• CVE-2017-0407
• CVE-2017-0474
• CVE-2017-0543
• CVE-2017-0591
• CVE-2017-0466
• CVE-2017-0467
• CVE-2017-0468
• CVE-2017-0542
• CVE-2017-0469
• CVE-2017-0538
• CVE-2017-0471
• CVE-2017-0472
• CVE-2017-0539
• CVE-2017-0590
• CVE-2017-0473
• CVE-2017-0541
• CVE-2017-0589
• CVE-2017-0588

Remote code execution vulnerability in OpenSSL & BoringSSL

CVE-2016-2182

(json)

• CVE numbers: CVE-2016-2182 [Bulletin-CVE-2016-2182]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in OpenSSL & BoringSSL
• Details: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. [NIST-CVE-2016-2182]
• Discovered by: on: Unknown
• Reported on: 2017-03-01 [Bulletin-CVE-2016-2182]
• Fixed on: 2016-08-22 [A-32096880]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2016-2182] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2182]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 [Bulletin-CVE-2016-2182]
• Submission: by: Daniel Carter, on: 2019-07-26

Remote code execution vulnerability in Qualcomm Wi-Fi driver

CVE-2014-9902

(json)

• CVE numbers: CVE-2014-9902 [Bulletin-CVE-2014-9902]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in Qualcomm Wi-Fi driver
• Details: Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. [NIST-CVE-2014-9902]
• Discovered by: on: Unknown
• Reported on: 2016-08-01 [Bulletin-CVE-2014-9902]
• Fixed on: 2013-11-07 [QC-CR#553937]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2014-9902]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Remote code execution vulnerability in Qualcomm crypto driver

CVE-2016-6725

(json)

• CVE numbers: CVE-2016-6725 [Bulletin-CVE-2016-6725]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in Qualcomm crypto driver
• Details: A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Android ID: A-30515053. References: Qualcomm QC-CR#1050970. [NIST-CVE-2016-6725]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-6725]
• Fixed on: 2016-08-16 [QC-CR#1050970]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-6725]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-8418

(json)

• CVE numbers: CVE-2016-8418 [Bulletin-CVE-2016-8418]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in Qualcomm crypto driver
• Details: A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. [NIST-CVE-2016-8418]
• Discovered by: Seven Shen (@lingtongshen) of Trend Micro Mobile Threat Research Team [Discovery-CVE-2016-8418] on: Unknown
• Reported on: 2017-02-01 [Bulletin-CVE-2016-8418]
• Fixed on: 2016-10-24 [QC-CR#1077457]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-8418]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Remote code execution vulnerability in Qualcomm crypto engine driver

CVE-2016-10230

(json)

• CVE numbers: CVE-2016-10230 [Bulletin-CVE-2016-10230]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in Qualcomm crypto engine driver
• Details: A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408. [NIST-CVE-2016-10230]
• Discovered by: on: Unknown
• Reported on: 2017-04-01 [Bulletin-CVE-2016-10230]
• Fixed on: 2016-11-28 [QC-CR#1091408]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2016-10230]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

Remote code execution vulnerability in Surfaceflinger

CVE-2017-0405

(json)

• CVE numbers: CVE-2017-0405 [Bulletin-CVE-2017-0405]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in Surfaceflinger
• Details: A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. [NIST-CVE-2017-0405]
• Discovered by: Scott Bauer (@ScottyBauer1) [Discovery-CVE-2017-0405] on: Unknown
• Reported on: 2017-02-01 [Bulletin-CVE-2017-0405]
• Fixed on: 2016-12-05 [A-31960359]
• Fix released on: Unknown
• Affected versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0405] regex: (7.0.[0-9])|(7.1.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2017-0405]
• Fixed versions: 7.0, 7.1.1 [Bulletin-CVE-2017-0405]
• Submission: by: Daniel Carter, on: 2019-07-26

Remote code execution vulnerability in kernel ASN.1 decoder

CVE-2016-0758

(json)

• CVE numbers: CVE-2016-0758 [Bulletin-CVE-2016-0758]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in kernel ASN.1 decoder
• Details: Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. [NIST-CVE-2016-0758]
• Discovered by: on: Unknown
• Reported on: 2016-10-01 [Bulletin-CVE-2016-0758]
• Fixed on: 2016-02-23 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0758]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

Remote code execution vulnerability in kernel networking subsystem

CVE-2016-10229

(json)

• CVE numbers: CVE-2016-10229 [Bulletin-CVE-2016-10229]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in kernel networking subsystem
• Details: udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. [NIST-CVE-2016-10229]
• Discovered by: on: Unknown
• Reported on: 2017-04-01 [Bulletin-CVE-2016-10229]
• Fixed on: 2015-12-30 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-10229]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26

CVE-2016-7117

(json)

• CVE numbers: CVE-2016-7117 [Bulletin-CVE-2016-7117]
• Coordinated disclosure?: unknown
• Categories: Remote code execution vulnerability in kernel networking subsystem
• Details: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. [NIST-CVE-2016-7117]
• Discovered by: on: Unknown
• Reported on: 2016-10-01 [Bulletin-CVE-2016-7117]
• Fixed on: 2016-03-14 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-7117]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

System

• CVE-2017-13160
• CVE-2017-0781
• CVE-2017-0782
• CVE-2017-0841
• CVE-2017-13208
• CVE-2017-13255
• CVE-2017-13256
• CVE-2017-13266
• CVE-2017-13267
• CVE-2017-13272
• CVE-2017-13282
• CVE-2017-13283
• CVE-2017-13281
• CVE-2017-13284
• CVE-2018-9356
• CVE-2018-9365
• CVE-2018-9355
• CVE-2018-9357
• CVE-2018-9446
• CVE-2018-9450
• CVE-2018-9476
• CVE-2018-9478
• CVE-2018-9479
• CVE-2018-9475
• CVE-2018-9504
• CVE-2018-9555
• CVE-2018-9583
• CVE-2018-9556
• CVE-2019-1992
• CVE-2019-1991
• CVE-2019-2009
• CVE-2019-2029
• CVE-2019-2111
• CVE-2019-2045
• CVE-2019-2046
• CVE-2019-2047
• CVE-2019-2097
• CVE-2019-2130

Vulnerabilities in Qualcomm components

• CVE-2016-3926
• CVE-2016-3927
• CVE-2016-6727
• CVE-2016-8411
• CVE-2016-8438
• CVE-2016-8442
• CVE-2016-8443
• CVE-2017-0431
• CVE-2016-8484
• CVE-2016-8485
• CVE-2016-8486
• CVE-2016-8487
• CVE-2016-8488
• CVE-2014-9931
• CVE-2014-9932
• CVE-2014-9933
• CVE-2014-9934
• CVE-2014-9935
• CVE-2014-9936
• CVE-2014-9937
• CVE-2015-8995
• CVE-2015-8996
• CVE-2015-8997
• CVE-2015-8998
• CVE-2015-8999
• CVE-2015-9000
• CVE-2015-9001
• CVE-2015-9002
• CVE-2015-9003
• CVE-2016-10237
• CVE-2016-10238
• CVE-2016-10242
• CVE-2014-9923
• CVE-2014-9924
• CVE-2014-9925
• CVE-2014-9926
• CVE-2014-9927
• CVE-2014-9928
• CVE-2014-9929
• CVE-2014-9930
• CVE-2015-9005
• CVE-2015-9006
• CVE-2015-9007
• CVE-2016-10240
• CVE-2016-10241
• CVE-2016-10297

app

WebKit Use-After-Free

(json)

• CVE numbers: CVE-2010-1119 [citation-needed]
• Coordinated disclosure?: unknown
• Categories: system, app
• Details: A vulnerability in the WebKit browser engine allows a malicious webpage to perform remote code execution [webkit-use-after-free-exploit-db]
• Discovered by: MJ Keith [webkit-use-after-free-exploit-db] on: 2011-03-11 [webkit-use-after-free-exploit-db]
• Reported on: Unknown
• Fixed on: Unknown
• Fix released on: 2010-05-20 [citation-needed]
• Affected versions: 2.0-2.1.1 [webkit-use-after-free-exploit-db] regex: (2.0.[0-9])|(2.1.[0-1])
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.2 [citation-needed]
• Submission: by: Daniel Carter, on: 2019-07-03

Browser Cross-App Scripting

(json)

• CVE numbers: CVE-2011-2357 [watchfire-crossapp][archived]
• Coordinated disclosure?: true
• Categories: app
• Details: Android browser could be tricked into running javascript in the domain of a different app [watchfire-crossapp][archived]
• Discovered by: Roee Hay and Yair Amit of the IBM Rational Application Security Research Group [citation-needed] on: Unknown
• Reported on: 2011-07-31 [watchfire-crossapp][archived]
• Fixed on: 2011-06-20 [browser-fix]
• Fix released on: Unknown
• Affected versions: 2.3.4, 3.1 [watchfire-crossapp][archived] regex:
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3.5, 3.2 [citation-needed]
• Submission: by: Roee Hay, on: 2015-10-15

certifi-gate

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: app
• Details: Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs on a device. mRSTs allow remote personnel to offer customers personalized technical support for their devices by replicating a device’s screen and by simulating screen clicks at a remote console. If exploited, Certifi-gate allows malicious applications to gain unrestricted access to a device silently, elevating their privileges to allow access to the user data and perform a variety of actions usually only available to the device owner. [checkpoint-certifigate-blog][archived]
• Discovered by: Check Point Software Technologies Ltd. [checkpoint-certificate-report] on: Unknown
• Reported on: 2015-08-06 [checkpoint-certifigate-blog][archived]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers:
• Fixed versions:
• Submission: by: Laurent Simon, on: 2015-08-07; by: Daniel R. Thomas, on: 2016-06-01

kernel

• sock_sendpage
• KillingInTheNameOf psneuter ashmem
• exploid udev
• levitator
• mempodroid - mempodripper - mem exploit
• Qualcomm Integer oveflow diagnostics
• Qualcomm missing checks put_user get_user
• Samsung GPU DMA
• LG Lit
• Qualcomm Gandalf camera driver
• Motochopper
• libperf_event
• Qualcomm acdb audio buffer overflow
• Qualcomm Integer overflow camera
• Qualcomm stack buffer overflow camera
• Qualcomm Goodix driver procfs
• Qualcomm out of bounds camera
• pty race
• TowelRoot
• prctl_set_vma_anon_name
• Full TrustZone
• QSEECOM driver
• Mediaserver code execution
• pipe inatomic
• Qualcomm TrustZone
• dirtyc0w

network

dhcpd buffer overrun

(json)

• CVE numbers: CVE-2014-7912 [dhcpd-fix], CVE-2014-7913 [dhcpd-fix]
• Coordinated disclosure?: true
• Categories: network
• Details: The specific flaw exists within the parsing of the DHCP options in a DHCP ACK packet. The vulnerability is triggered when the LENGTH of an option, when added to the current read position, exceeds the actual length of the DHCP options buffer. An attacker can leverage this vulnerability to execute code on the device. [ZDI-15-093] This remote code execution vulnerability executes code as the dhcp user which limit's its severity [citation-needed]
• Discovered by: Jüri Aedla [ZDI-15-093] on: 2014-11-13 [ZDI-15-093]
• Reported on: 2015-03-12 [ZDI-15-093]
• Fixed on: 2014-11-15 [dhcpd-fix]
• Fix released on: Unknown
• Affected versions: All versions below 5.1 [dhcpd-circl] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])
• Affected devices: all [dhcpd-circl]
• Affected manufacturers: all [dhcpd-circl]
• Fixed versions: 5.1 [dhcpd-circl]
• Submission: by: Laurent Simon, on: 2015-03-14; by: Daniel R. Thomas, on: 2015-03-24

Stagefright

(json)

• CVE numbers: CVE-2015-1538 [nakedsecurity-stagefright], CVE-2015-1539 [nakedsecurity-stagefright], CVE-2015-3824 [nakedsecurity-stagefright], CVE-2015-3826 [nakedsecurity-stagefright], CVE-2015-3827 [nakedsecurity-stagefright], CVE-2015-3828 [nakedsecurity-stagefright], CVE-2015-3829 [nakedsecurity-stagefright]
• Coordinated disclosure?: true
• Categories: system, network
• Details: Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly, in some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data. [techworm-stagefright] Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright in versions of Android prior to 5.1.1_r9 may contain multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device. [cert-kb-stagefright]
• Discovered by: Joshua J. Drake [zimperium-stagefright] on: 2015-04-09 [techworm-stagefright]
• Reported on: 2015-07-21 [zimperium-stagefright]
• Fixed on: 2015-04-08 [stagefright-fix-2]
• Fix released on: 2015-08-03 [androidpolice-sprint-update]
• Affected versions: 2.2-5.1.0 [cert-kb-stagefright] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
• Affected devices: all [cert-kb-stagefright]
• Affected manufacturers: all [cert-kb-stagefright]
• Fixed versions: 5.1.1_r9 [cert-kb-stagefright]
• Submission: by: Laurent Simon, on: 2015-07-27

Stagefright2

(json)

• CVE numbers: CVE-2015-6602 [zimperium-stagefright2], CVE-2015-3876 [android-security-october][archived]
• Coordinated disclosure?: true
• Categories: system, network
• Details: Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 to vulnerability in libutils. [zimperium-stagefright2]
• Discovered by: Joshua J. Drake [zimperium-stagefright2] on: 2015-08-15 [zimperium-stagefright2]
• Reported on: 2015-10-01 [zimperium-stagefright2]
• Fixed on: Unknown
• Fix released on: 2015-10-05 [register-stagefright2]
• Affected versions: 5.1 and below [android-security-october][archived] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
• Affected devices: all [zimperium-stagefright2]
• Affected manufacturers: all [zimperium-stagefright2]
• Fixed versions: 5.1.1, LMY48T or later, LMY48W [android-security-october][archived]
• Submission: by: Daniel R. Thomas, on: 2015-10-06; by: Laurent Simon, on: 2015-10-02; by: Alastair R. Beresford, on: 2015-10-01

permissions

• TacoRoot
• NachoRoot
• Defy republic init_runit
• Qualcomm chown init scripts
• TwerkMyMoto

signature

• Volez
• APK duplicate file
• APK unchecked name
• APK unsigned shorts
• Fake ID

system

• WebKit Use-After-Free
• KillingInTheNameOf psneuter ashmem
• RageAgainstTheCage adb
• RageAgainstTheCage zygote
• Zysploit
• Use-After-Free Remote
• Android Browser Exploit WebKit
• Gingerbreak
• zergRush
• TPSparkyRoot
• JavaScript to Java
• camera-isp - camera-sysr - Vcodec
• exynosroot
• Diaggetroot
• LG Sprite backup
• keystore buffer
• vold asec
• Z2 root exploit
• ObjectInputStream deserializable
• Full TrustZone
• Mediaserver code execution
• libmsm memory corruption
• Stagefright
• Mtkfb
• Mate7 TrustZone Exploit
• One class to rule them all
• Use-After-Free camera driver exploit
• Samsung WifiHs20UtilityService
• Stagefright2
• Metaphor
• QSEE privilege escalation
• Sensord local root