| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
51 |
CVE-2018-11270 |
415 |
|
Mem. Corr. |
2018-09-18 |
2018-11-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption. |
|
52 |
CVE-2018-11265 |
119 |
|
Overflow |
2018-09-18 |
2018-11-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment. |
|
53 |
CVE-2018-11263 |
129 |
|
|
2018-09-06 |
2018-11-14 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05. |
|
54 |
CVE-2018-11262 |
787 |
|
|
2018-09-04 |
2018-10-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT. |
|
55 |
CVE-2018-9515 |
264 |
|
Mem. Corr. |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A |
|
56 |
CVE-2018-9513 |
415 |
|
Mem. Corr. |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111081202 References: N/A |
|
57 |
CVE-2018-9511 |
254 |
|
DoS |
2018-10-02 |
2018-11-20 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-111650288 |
|
58 |
CVE-2018-9510 |
200 |
|
+Info |
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
|
In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065 |
|
59 |
CVE-2018-9509 |
200 |
|
+Info |
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
|
In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027 |
|
60 |
CVE-2018-9508 |
125 |
|
|
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
|
In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-111936834 |
|
61 |
CVE-2018-9507 |
125 |
|
|
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
|
In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951 |
|
62 |
CVE-2018-9506 |
125 |
|
|
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
|
In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111803925 |
|
63 |
CVE-2018-9505 |
125 |
|
|
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
|
In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536 |
|
64 |
CVE-2018-9504 |
787 |
|
Exec Code |
2018-10-02 |
2018-11-20 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176 |
|
65 |
CVE-2018-9503 |
125 |
|
|
2018-10-02 |
2018-11-20 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-80432928 |
|
66 |
CVE-2018-9502 |
125 |
|
|
2018-10-02 |
2018-11-20 |
6.1 |
None |
Local Network |
Low |
Not required |
Complete |
None |
None |
|
In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111936792 |
|
67 |
CVE-2018-9501 |
264 |
|
Bypass |
2018-10-02 |
2018-11-20 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 |
|
68 |
CVE-2018-9499 |
200 |
|
+Info |
2018-10-02 |
2018-11-20 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474 |
|
69 |
CVE-2018-9498 |
787 |
|
Exec Code Overflow |
2018-10-02 |
2018-11-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 |
|
70 |
CVE-2018-9497 |
787 |
|
Exec Code |
2018-10-02 |
2018-11-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669 |
|
71 |
CVE-2018-9496 |
787 |
|
Exec Code |
2018-10-02 |
2018-11-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924 |
|
72 |
CVE-2018-9493 |
89 |
|
Sql |
2018-10-02 |
2018-11-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900 |
|
73 |
CVE-2018-6254 |
125 |
|
|
2018-05-10 |
2018-06-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. |
|
74 |
CVE-2018-6246 |
200 |
|
+Info |
2018-05-10 |
2018-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. |
|
75 |
CVE-2018-5907 |
20 |
|
Overflow |
2018-07-06 |
2018-08-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
76 |
CVE-2018-5905 |
119 |
|
Overflow |
2018-09-19 |
2018-11-08 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access. |
|
77 |
CVE-2018-5899 |
416 |
|
|
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free. |
|
78 |
CVE-2018-5898 |
190 |
|
Overflow |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
79 |
CVE-2018-5897 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
80 |
CVE-2018-5896 |
125 |
|
|
2018-07-06 |
2018-08-27 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied. |
|
81 |
CVE-2018-5895 |
125 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
82 |
CVE-2018-5893 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur. |
|
83 |
CVE-2018-5890 |
264 |
|
Bypass |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
84 |
CVE-2018-5889 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
85 |
CVE-2018-5888 |
125 |
|
|
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
86 |
CVE-2018-5887 |
125 |
|
|
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
87 |
CVE-2018-5886 |
125 |
|
|
2018-07-06 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. |
|
88 |
CVE-2018-5873 |
416 |
|
|
2018-07-06 |
2018-08-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. |
|
89 |
CVE-2018-5872 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. |
|
90 |
CVE-2018-5865 |
191 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. |
|
91 |
CVE-2018-5864 |
119 |
|
Overflow +Info |
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. |
|
92 |
CVE-2018-5863 |
119 |
|
Overflow |
2018-06-15 |
2018-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
93 |
CVE-2018-5862 |
119 |
|
Overflow |
2018-07-06 |
2018-09-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. |
|
94 |
CVE-2018-5860 |
824 |
|
|
2018-06-15 |
2018-08-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly. |
|
95 |
CVE-2018-5859 |
416 |
|
|
2018-07-06 |
2018-08-27 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. |
|
96 |
CVE-2018-5858 |
119 |
|
Overflow |
2018-07-06 |
2018-08-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur. |
|
97 |
CVE-2018-5857 |
416 |
|
|
2018-06-15 |
2018-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
98 |
CVE-2018-5855 |
119 |
|
Overflow |
2018-07-06 |
2018-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur. |
|
99 |
CVE-2018-5854 |
119 |
|
Overflow |
2018-06-15 |
2018-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
100 |
CVE-2018-5853 |
416 |
|
|
2018-07-06 |
2018-08-29 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. |
