| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-10709 |
254 |
|
Bypass |
2017-06-30 |
2017-07-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. |
|
2 |
CVE-2017-9685 |
416 |
|
|
2017-08-18 |
2017-08-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. |
|
3 |
CVE-2017-9684 |
416 |
|
|
2017-08-18 |
2017-08-21 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. |
|
4 |
CVE-2017-9682 |
362 |
|
|
2017-08-18 |
2017-08-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. |
|
5 |
CVE-2017-9680 |
200 |
|
+Info |
2017-08-18 |
2017-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. |
|
6 |
CVE-2017-9679 |
200 |
|
+Info |
2017-08-18 |
2017-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. |
|
7 |
CVE-2017-9678 |
119 |
|
Overflow Mem. Corr. |
2017-08-18 |
2017-08-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). |
|
8 |
CVE-2017-8273 |
119 |
|
Overflow |
2017-08-11 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur. |
|
9 |
CVE-2017-8272 |
787 |
|
|
2017-08-18 |
2017-08-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. |
|
10 |
CVE-2017-8271 |
787 |
|
|
2017-08-11 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. |
|
11 |
CVE-2017-8270 |
416 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. |
|
12 |
CVE-2017-8269 |
200 |
|
+Info |
2017-08-11 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. |
|
13 |
CVE-2017-8268 |
119 |
|
Overflow |
2017-08-18 |
2017-08-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. |
|
14 |
CVE-2017-8267 |
190 |
|
Overflow |
2017-08-18 |
2017-08-22 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. |
|
15 |
CVE-2017-8266 |
416 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. |
|
16 |
CVE-2017-8265 |
415 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. |
|
17 |
CVE-2017-8264 |
264 |
|
DoS |
2017-08-11 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. |
|
18 |
CVE-2017-8263 |
19 |
|
|
2017-08-18 |
2017-08-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. |
|
19 |
CVE-2017-8262 |
416 |
|
|
2017-08-18 |
2017-08-23 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. |
|
20 |
CVE-2017-8261 |
264 |
|
|
2017-08-18 |
2017-08-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. |
|
21 |
CVE-2017-8260 |
787 |
|
|
2017-08-18 |
2017-08-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. |
|
22 |
CVE-2017-8259 |
119 |
|
Overflow |
2017-08-11 |
2017-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer. |
|
23 |
CVE-2017-8258 |
125 |
|
|
2017-08-11 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. |
|
24 |
CVE-2017-8257 |
264 |
|
|
2017-08-18 |
2017-08-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. |
|
25 |
CVE-2017-8256 |
264 |
|
|
2017-08-18 |
2017-08-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. |
|
26 |
CVE-2017-8255 |
190 |
|
Overflow |
2017-08-18 |
2017-08-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. |
|
27 |
CVE-2017-8254 |
200 |
|
+Info |
2017-08-18 |
2017-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. |
|
28 |
CVE-2017-8253 |
264 |
|
|
2017-08-18 |
2017-08-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. |
|
29 |
CVE-2017-8243 |
119 |
|
Overflow |
2017-08-16 |
2017-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. |
|
30 |
CVE-2017-8242 |
362 |
|
|
2017-06-13 |
2017-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. |
|
31 |
CVE-2017-8241 |
119 |
|
Overflow |
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. |
|
32 |
CVE-2017-8240 |
119 |
|
Overflow |
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. |
|
33 |
CVE-2017-8239 |
200 |
|
+Info |
2017-06-13 |
2017-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. |
|
34 |
CVE-2017-8238 |
119 |
|
Overflow |
2017-06-13 |
2017-06-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. |
|
35 |
CVE-2017-8237 |
119 |
|
Overflow |
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. |
|
36 |
CVE-2017-8236 |
119 |
|
Overflow |
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. |
|
37 |
CVE-2017-8235 |
254 |
|
|
2017-06-13 |
2017-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. |
|
38 |
CVE-2017-8234 |
284 |
|
|
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. |
|
39 |
CVE-2017-8233 |
787 |
|
|
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write. |
|
40 |
CVE-2017-7373 |
415 |
|
|
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. |
|
41 |
CVE-2017-7372 |
119 |
|
Overflow |
2017-06-13 |
2017-07-07 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. |
|
42 |
CVE-2017-7371 |
416 |
|
|
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. |
|
43 |
CVE-2017-7370 |
416 |
|
|
2017-06-13 |
2017-07-07 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. |
|
44 |
CVE-2017-7369 |
20 |
|
|
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption. |
|
45 |
CVE-2017-7368 |
362 |
|
|
2017-06-13 |
2017-07-07 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. |
|
46 |
CVE-2017-7367 |
191 |
|
|
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. |
|
47 |
CVE-2017-7366 |
20 |
|
|
2017-06-13 |
2017-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. |
|
48 |
CVE-2017-7365 |
119 |
|
Overflow |
2017-06-13 |
2017-07-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. |
|
49 |
CVE-2017-7364 |
416 |
|
|
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. |
|
50 |
CVE-2017-6421 |
264 |
|
Overflow |
2017-08-16 |
2017-08-20 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. |
